Monitoring Digital Content Usage History to Prevent Digital Content Misuse

ABSTRACT

A method for preventing digital content misuse can include receiving, by a digital content delivery system, a request from a client-side computing device to access digital content maintained by the digital content delivery system; determining, by the digital content delivery system, that a number of times the client-side computing device has accessed digital content meets or exceeds a threshold number of times the client-side computing device is permitted to access digital content; and in response to determining that the number of times the client-side computing device has accessed digital content meets or exceeds the threshold number, denying the request and executing a remedial action.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims the benefit of priority of U.S.Provisional Application No. 62/250,945, filed on Nov. 4, 2015, which isincorporated herein by reference in its entirety.

BACKGROUND

With the advent of digital data and the Internet, digital content cannow be shared quickly and easily to users in almost any geographiclocation. For example, digital content posted publicly to websites canbe accessed by any user with a computer and internet connection.Although sharing digital content, particularly digital content that isintended to be accessed with no restrictions, has become much easier,the threat of unauthorized access and/or use of digital content that isintended to be restricted has increased. For example, some digitalcontent can be intended to be accessed and/or used under specifiedrestricted conditions, such as confidential content, sensitive content,licensed content, etc.

Current systems focus their security efforts on restricting initialaccess to digital content, and provide little to no security onceinitial access has been granted. For example, many systems will requireinitial user authentication (e.g., user name, password, devicerecognition, etc.,) prior to providing access to digital content, but donot monitor use of the digital content after initial access is granted.As a result, digital content can easily be misused, copied, shared, etc.Accordingly, improvements are needed.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

To easily identify the discussion of any particular element or act, themost significant digit or digits in a reference number refer to thefigure number in which that element is first introduced.

FIG. 1 shows an example digital content distribution network.

FIG. 2 shows a block diagram of a client-side digital content deliverydevice configured to determine whether digital content is being misusedbased on the location of the client-side digital content deliverydevice.

FIG. 3 shows an example method for determining whether digital contentis being misused based on the location of a client-side digital contentdelivery device.

FIG. 4 shows a block diagram of a client-side digital content deliverydevice configured to determine whether digital content is being misusedbased on a number of mobile computing devices detected by theclient-side digital content delivery device.

FIG. 5 shows an example method for determining whether digital contentis being misused based on a number of mobile computing devices detectedby a client-side digital content delivery device.

FIG. 6 shows a block diagram of a client-side digital content deliverydevice configured to limit use of digital content to an authenticatedviewing device.

FIG. 7 shows an example method for limiting use of digital content to anauthenticated viewing device.

FIG. 8 shows an example system configured to determine whether digitalcontent is being misused.

FIG. 9 shows an example method for determining whether digital contentis being misused.

FIG. 10 shows a block diagram of a digital content delivery systemconfigured to determine whether content is being misused.

FIG. 11 shows an example method for determining whether digital contentis being misused.

FIG. 12 shows a block diagram of a digital content delivery systemconfigured to cluster usage signal data to determine whether digitalcontent is being misused.

FIG. 13 shows an example method for clustering usage signal data todetermine whether digital content is being misused.

FIG. 14 shows an example method for clustering usage signal data todetermine whether digital content is being misused.

FIG. 15 shows an example system configured to issue digital credentials.

FIG. 16 shows an example method for issuing digital credentials.

FIG. 17 shows an example method for reserving digital credentials to ascheduled presentation of a digital content item.

FIGS. 18A-18L show example screenshots of an exhibitor interface,

FIG. 19 is a block diagram illustrating a representative softwarearchitecture, which may be used in conjunction with various hardwarearchitectures herein described.

FIG. 20 is a block diagram illustrating components of a machine,according to some example embodiments, able to read instructions from amachine-readable medium (e.g., a machine-readable storage medium) andperform any one or more of the methodologies discussed herein.

FIG. 21 is a diagrammatic representation of a content distributionnetwork within which various example embodiments may be implemented.

FIG. 22 is a block diagram illustrating a network-based moviedistribution system, according to some example embodiments.

FIG. 23 is a block diagram illustrating a further details of subscribermanagement and ticketing technology, according to some exampleembodiments, as implemented between a movie distribution system andexhibitors.

FIG. 24 is a schematic representation of interactions between variouscomponents described with reference to the preceding figures.

FIG. 25 illustrates a routine in accordance with one embodiment.

FIG. 26 illustrates a routine in accordance with one embodiment.

FIG. 27 illustrates a routine in accordance with one embodiment.

FIG. 28 illustrates a routine in accordance with one embodiment.

FIG. 29 illustrates a routine in accordance with one embodiment.

FIG. 30 illustrates a routine in accordance with one embodiment.

FIG. 31 is a diagrammatic representation of a content distributionnetwork within which various example embodiments may be implemented.

FIG. 32 is a diagrammatic representation of another content distributionnetwork within which various example embodiments may be implemented.

FIG. 33 is a diagrammatic representation of yet another contentdistribution network within which various example embodiments may beimplemented.

FIG. 34 is a diagrammatic representation of server-side watermarkingaccording to some example embodiments.

FIG. 35 is a diagrammatic representation of set-top-box watermarkingaccording to some example embodiments.

FIG. 36 is a diagrammatic representation of the content distributionnetwork of FIG. 31 with an example watermarking implementation withinwhich various example embodiments may be implemented.

FIG. 37 is a block diagram illustrating a set-top box, according to someexample embodiments.

FIG. 38 is a diagrammatic representation of services of a contentdistribution network within which various example embodiments may beimplemented.

DETAILED DESCRIPTION Glossary

“CARRIER SIGNAL” in this context refers to any intangible medium that iscapable of storing, encoding, or carrying instructions for execution bythe machine, and includes digital or analog communications signals orother intangible medium to facilitate communication of suchinstructions. Instructions may be transmitted or received over thenetwork using a transmission medium via a network interface device andusing any one of a number of well-known transfer protocols.

“CLIENT-SIDE DIGITAL CONTENT DELIVERY DEVICE” in this context refers toany machine that interfaces to a communication network to obtainresources from one or more server systems or other computing device. Aclient-side digital content delivery device may be, but is not limitedto, a mobile phone, desktop computer, laptop, portable digitalassistants (PDAs), smart phones, tablets, ultra books, netbooks,laptops, multi-processor systems, microprocessor-based or programmableconsumer electronics, game consoles, set-top boxes, or any othercommunication device that a user may use to access a network.

“COMMUNICATION NETWORK” in this context refers to one or more portionsof a network that may be an ad hoc network, an intranet, an extranet, avirtual private network (VPN), a local area network (LAN), a wirelessLAN (WLAN), a wide area network (WAN), a wireless WAN (WWAN), ametropolitan area network (MAN), the Internet, a portion of theInternet, a portion of the Public Switched Telephone Network (PSTN), aplain old telephone service (POTS) network, a cellular telephonenetwork, a wireless network, a Wi-Fi® network, another type of network,or a combination of two or more such networks. For example, a network ora portion of a network may include a wireless or cellular network andthe coupling may be a Code Division Multiple Access (CDMA) connection, aGlobal System for Mobile communications (GSM) connection, or other typeof cellular or wireless coupling. In this example, the coupling mayimplement any of a variety of types of data transfer technology, such asSingle Carrier Radio Transmission Technology (1×RTT), Evolution-DataOptimized (EVDO) technology, General Packet Radio Service (GPRS)technology, Enhanced Data rates for GSM Evolution (EDGE) technology,third Generation Partnership Project (3GPP) including 3G, fourthgeneration wireless (4G) networks, Universal Mobile TelecommunicationsSystem (UMTS), High Speed Packet Access (HSPA), WorldwideInteroperability for Microwave Access (WiMAX), Long Term Evolution (LTE)standard, others defined by various standard setting organizations,other long range protocols, or other data transfer technology,

“DIGITAL CONTENT DELIVERY SYSTEM OR DIGITAL CONTENT DISTRIBUTIONNETWORK” in this context refers to a system of distributed servers (e.g.networked proxy server) that deliver digital content to a user.

“MACHINE-READABLE MEDIUM” in this context refers to a component, deviceor other tangible media able to store instructions and data temporarilyor permanently and may include, but is not limited to, random-accessmemory (RAM), read-only memory (ROM), buffer memory, flash memory,optical media, magnetic media, cache memory, other types of storage(e.g., Erasable Programmable Read-Only Memory (EEPROM)) and/or anysuitable combination thereof. The term “machine-readable medium” shouldbe taken to include a single medium or multiple media (e.g., acentralized or distributed database, or associated caches and servers)able to store instructions. The term “machine-readable medium” shallalso be taken to include any medium, or combination of multiple media,that is capable of storing instructions (e.g., code) for execution by amachine, such that the instructions, when executed by one or moreprocessors of the machine, cause the machine to perform any one or moreof the methodologies described herein. Accordingly, a “machine-readablemedium” refers to a single storage apparatus or device, as well as“cloud-based” storage systems or storage networks that include multiplestorage apparatus or devices. The term “machine-readable medium”excludes signals per se.

“MODULE” in this context refers to logic having boundaries defined byfunction or subroutine calls, branch points, application programinterfaces (APIs), or other technologies that provide for thepartitioning or modularization of particular processing or controlfunctions. Modules are typically combined via their interfaces withother modules to carry out a machine process. A module may be a packagedfunctional hardware unit designed for use with other components and apart of a program that usually performs a particular function of relatedfunctions. Modules may constitute either software modules (e.g., codeembodied on a machine-readable medium) or hardware modules. A “hardwaremodule” is a tangible unit capable of performing certain operations andmay be configured or arranged in a certain physical manner.

In various example embodiments, one or more computer systems (e.g., astandalone computer system, a client computer system, or a servercomputer system) or one or more hardware modules of a computer system(e.g., a processor or a group of processors) may be configured bysoftware (e.g., an application or application portion) as a hardwaremodule that operates to perform certain operations as described herein.In some embodiments, a hardware module may be implemented mechanically,electronically, or any suitable combination thereof. For example, ahardware module may include dedicated circuitry or logic that ispermanently configured to perform certain operations. For example, ahardware module may be a special-purpose processor, such as aField-Programmable Gate Array (FPGA) or an Application SpecificIntegrated Circuit (ASIC).

A hardware module may also include programmable logic or circuitry thatis temporarily configured by software to perform certain operations. Forexample, a hardware module may include software executed by ageneral-purpose processor or other programmable processor. Onceconfigured by such software, hardware modules become specific machinesor specific components of a machine) uniquely tailored to perform theconfigured functions and are no longer general-purpose processors. Itwill be appreciated that the decision to implement a hardware modulemechanically, in dedicated and permanently configured circuitry, or intemporarily configured circuitry (e.g., configured by software) may bedriven by cost and time considerations. Accordingly, the phrase“hardware module”(or “hardware-implemented module”) should be understoodto encompass a tangible entity, be that an entity that is physicallyconstructed, permanently configured (e.g., hardwired), or temporarilyconfigured (e.g., programmed) to operate in a certain manner or toperform certain operations described herein.

Considering embodiments in which hardware modules are temporarilyconfigured (e.g., programmed), each of the hardware modules need not beconfigured or instantiated at any one instance in time. For example,where a hardware module comprises a general-purpose processor configuredby software to become a special-purpose processor, the general-purposeprocessor may be configured as respectively different special-purposeprocessors (e.g., comprising different hardware modules) at differenttimes. Software accordingly configures a particular processor orprocessors, for example, to constitute a particular hardware module atone instance of time and to constitute a different hardware module at adifferent instance of time.

Hardware modules can provide information to, and receive informationfrom, other hardware modules. Accordingly, the described hardwaremodules may be regarded as being communicatively coupled. Where multiplehardware modules exist contemporaneously, communications may be achievedthrough signal transmission (e.g., over appropriate circuits and buses)between or among two or more of the hardware modules. In embodiments inwhich multiple hardware modules are configured or instantiated atdifferent times, communications between such hardware modules may beachieved, for example, through the storage and retrieval of informationin memory structures to which the multiple hardware modules have access.For example, one hardware module may perform an operation and store theoutput of that operation in a memory device to which it iscommunicatively coupled. A further hardware module may then, at a latertime, access the memory device to retrieve and process the storedoutput. Hardware modules may also initiate communications with input oroutput devices, and can operate on a resource (e.g., a collection ofinformation).

The various operations of example methods described herein may beperformed, at least partially, by one or more processors that aretemporarily configured (e.g., by software) or permanently configured toperform the relevant operations. Whether temporarily or permanentlyconfigured, such processors may constitute processor-implemented modulesthat operate to perform one or more operations or functions describedherein. As used herein, “processor-implemented module” refers to ahardware module implemented using one or more processors. Similarly, themethods described herein may be at least partiallyprocessor-implemented, with a particular processor or processors beingan example of hardware. For example, at least some of the operations ofa method may be performed by one or more processors orprocessor-implemented modules. Moreover, the one or more processors mayalso operate to support performance of the relevant operations in a“cloud computing” environment or as a “software as a service” (SaaS).For example, at least some of the operations may be performed by a groupof computers (as examples of machines including processors), with theseoperations being accessible via a network (e.g., the Internet) and viaone or more appropriate interfaces (e.g., an Application ProgramInterface (API)). The performance of certain of the operations may bedistributed among the processors, not only residing within a singlemachine, but deployed across a number of machines. In some exampleembodiments, the processors or processor-implemented modules may belocated in a single geographic location (e.g., within a homeenvironment, an office environment, or a server farm). In other exampleembodiments, the processors or processor-implemented modules may bedistributed across a number of geographic locations.

“PROCESSOR” in this context refers to any circuit or virtual circuit (aphysical circuit emulated by logic executing on an actual processor)that manipulates data values according to control signals (e.g.,“commands”, “op codes”, “machine code”, etc.) and which producescorresponding output signals that are applied to operate a machine. Aprocessor may, for example, be a Central Processing Unit (CPU), aReduced Instruction Set Computing (RISC) processor, a ComplexInstruction Set Computing (CISC) processor, a Graphics Processing Unit(GPU), a Digital Signal Processor (DSP), an Application SpecificIntegrated Circuit (ASIC), a Radio-Frequency Integrated Circuit (RFIC)or any combination thereof. A processor may further be a multi-coreprocessor having two or more independent processors(sometimes referredto as “cores”) that may execute instructions contemporaneously.

DESCRIPTION

A portion of the disclosure of this patent document contains materialthat is subject to copyright protection. The copyright owner has noobjection to the facsimile reproduction by anyone of the patent documentor the patent disclosure, as it appears in the Patent and TrademarkOffice patent files or records, but otherwise reserves all copyrightrights whatsoever. The following notice applies to the software and dataas described below and in the drawings that form apart of this document:Copyright 2015, SCREENING ROOM MEDIA, INC., All Rights Reserved.

The description that follows includes systems, methods, techniques,instruction sequences, and computing machine program products thatembody illustrative embodiments of the disclosure. In the followingdescription, for the purposes of explanation, numerous specific detailsare set forth in order to provide an understanding of variousembodiments of the inventive subject matter. It will be evident,however, to those skilled in the art, that embodiments of the inventivesubject matter may be practiced without these specific details. Ingeneral, well-known instruction instances, protocols, structures, andtechniques are not necessarily shown in detail.

DRAWINGS

The current application discloses a number of technologies that may beused, in example embodiments, to address and mitigate challenges withenforcing access and/or usage restrictions on digital content. Thesetechnologies monitor use of digital content and suspend or terminateaccess to digital content when certain behaviors are detected.

FIG. 1 shows an example digital content distribution network. It shallbe appreciated that although the various functional components ofnetwork 100 are discussed in a singular sense, multiple instances of oneor more of the various functional components may be employed,

Network 100 includes multiple computing devices connected tocommunication network 102 and configured to communicate with each otherthrough use of communication network 102. A computing device can be anytype of general computing device capable of network communication withother computing devices. For example, a computing device can be apersonal computing device such as a desktop or workstation, a businessserver, or a portable computing device, such as a laptop, smart phone,or a tablet PC. A computing device can include some or all of thefeatures, components, and peripherals of machine 2000 of FIG. 20.

To facilitate communication with other computing devices, a computingdevice can include a communication interface configured to receive acommunication, such as a request, data, etc., from another computingdevice in network communication with the computing device and pass thecommunication along to an appropriate module running on the computingdevice. The communication interface can also be configured to send acommunication to another computing device in network communication withthe computing device.

Network 100 includes digital content delivery system 104 and client-sidedigital content delivery device 106 configured to provide digitalcontent to users, as well as to enforce access and/or usage restrictionson the digital content. Digital content can include any type of digitalcontent or data, such as text files, video files, music files, etc.Digital content can be associated with one or more intended restrictionson access and/or use of the digital content. For example, digitalcontent can include confidential data and/or sensitive data, such aspersonal information (e.g., social security number), financialinformation (e.g., bank records, account numbers, etc.), medicalrecords, confidential work materials, etc., that are restricted for useby specified people. Digital content can also include licensed content,such as movie rentals, movie purchases, music rentals, etc., that can berestricted for use by a specified person or audience, during specifiedtimes, etc.

Restrictions can include any type of restriction regarding accessingand/or using the digital content, such as a specified user or specifiedset of users that can access and/or use the digital content, a specifiedtime period during which the digital content can be accessed and/orused, a specified geographic location where the digital content can beaccessed and/or used, restrictions on how the digital content can beaccessed and/or used, restrictions on whether the digital content can becopied and/or shared, etc.

In network 100, digital content delivery system 104 and client-sidedigital content delivery device 106 can work together to provide userswith access to digital content, as well as to enforce access and/orusage restrictions on the digital content. For example, digital contentdelivery system 104 and client-side digital content delivery device 106can monitor one or more usage signals to ensure that digital content isnot being misused (e.g., that restrictions associated with the digitalcontent are not being violated). In the event that digital content isbeing misused, or is potentially being misused, digital content deliverysystem 104 and/or client-side digital content delivery device 106 canexecute one or more remedial actions, such as suspend or terminate auser's access to the digital content, gather additional data,investigate use of the digital content, etc.

In network 100, a user can interact with digital content delivery system104 through client-side digital content delivery device 106 connected tocommunication network 102 by direct and/or indirect communication.Digital content delivery system 104 can be comprised of one or morecomputing devices configured to work with client-side digital contentdelivery device 106 to provide users with digital content, as well as toenforce access and/or usage restrictions on the digital content. Digitalcontent delivery system 104 can support connections from a variety ofdifferent types of client-side digital content delivery devices 106,such as desktop computers; mobile computers; mobile communicationsdevices (e.g. mobile phones, smart phones, tablets, etc.); smarttelevisions; set-top boxes; and/or any other network-enabled computingdevices. Client-side digital content delivery device 106 can be ofvarying type, capabilities, operating systems, etc. Furthermore, digitalcontent delivery system 104 can concurrently accept connections from andinteract, with multiple client-side digital content delivery devices106.

A user can interact with digital content delivery system 104 viaclient-side application 108 installed on client-side digital contentdelivery device 106. In some embodiments, client-side application 108can include a digital content delivery system-specific component. Forexample, the component can be a stand-alone application, one or moreapplication plug-ins, and/or a browser extension. Client-sideapplication 108 can present a user interface (UI) for the user tointeract with digital content delivery system 104. For example, the UIcan provide the user with digital content as well as include one or moreuser interface elements (e.g., buttons, text fields, etc.) to enable auser to interact with digital content delivery system 104.

Additionally, client-side application 108 can present a user withdigital content. Client-side application 108 can utilize one or moreoutput devices (e.g., display, speaker, etc.) of client-side digitalcontent delivery device 106 and/or a secondary computing device (notshown) coupled to client-side digital content delivery device 106 topresent digital content received from digital content delivery system104. For example, in an embodiment in which client-side digital contentdelivery device 106 is a mobile phone, client-side application 108 cancause presentation of digital content using a display and/or speaker ofthe mobile phone. As another example, in an embodiment in whichclient-side digital content delivery device 106 is a set-top box,client-side application 108 can cause presentation of digital content ona display of a viewing device (e.g., television, monitor, etc.) that isconnected to the set-top box.

In some embodiments, client-side application 108 can embed digitalcontent with a digital watermark that can be used if the digital contenthas been misused. For example, the digital watermark can be embeddedwith an identifier for client-side digital content delivery device 106.Once embedded in the digital content, the digital watermark will bepresent in any copies made of the digital content, includingunauthorized copies. Hence, if an unauthorized copy of digital contentis found, the digital watermark embedded in the unauthorized copy can beused to identify the source.

Digital content delivery system 104 can be configured to manage digitalcontent for multiple user accounts. For example, digital contentdelivery system 104 can allow users to store, access, rent and/orpurchase digital content.

To facilitate the various services provided by digital content deliverysystem 104, a user can create a user account with digital contentdelivery system 104. The account information for each created useraccount can be maintained in user account database 110. User accountdatabase 110 can store profile information for each user account,including a unique account identifier identifying the user account,personal information, username, password, email address, home address,credit card information, banking information, etc. User account database110 can also include account management information, such as datastorage locations, security settings, personal configuration settings,device identifier for client-side digital content delivery devices 106that are authorized to access the user account, etc.

A user account can be used to purchase, rent, manage and store digitalcontent, such as digital data, documents, text files, audio files, videofiles, etc. For example, digital content delivery system 104 can providean online retailer where users can purchase/rent digital content, suchas movies, shows, books, music, etc.

Upon digital content being purchased and/or rented by a user, the user'saccount can be updated to indicate that the user has acquired a licenseto the purchased and/or rented digital content. This can allow the userto access the digital content using client-side digital content deliverydevices 106. For example, a digital content identifier identifyingrented and/or purchased digital content (e.g., movie) can be assigned toa user account in user account database 110 and associated with thecorresponding user account. The digital content identifier can be usedto identify the digital content as well as the location of the digitalcontent.

Further, the user's account can be updated with data definingrestrictions associated with the digital content, such users authorizedto access or use the digital content, geographic locations where thedigital content can be accessed, times during which the digital contentcan be accessed, etc. In some embodiments, the restrictions can be basedon a license purchased by the user with respect to digital content. Forexample, a user may have purchased a limited rental of a movie thatentitles the user to view the movie a limited number of times, during alimited time and/or with a limited number of other users.

Digital content can be stored in data storage 112. Data storage 112 canbe a storage device, multiple storage devices, or a server.Alternatively, data storage 112 can be a cloud storage provider ornetwork storage accessible via one or more communication networks.Digital content delivery system 104 can hide the complexity and detailsregarding storage of digital content from client-side digital contentdelivery device 106 such that the location of digital content stored bydigital content delivery system 104 is not known by client-side digitalcontent delivery device 106. Digital content delivery system 104 canstore the digital content in a network accessible storage (SAN) device,in a redundant array of inexpensive disks (RAID), etc. Data storage 112can store digital content using one or more partition types, such asFAT, FAT32, NTFS, EXT2, EXT3, EXT4, ReiserFS, BTRFS, and so forth.

Data storage 112 can also store metadata describing digital content,digital content types, and the relationship of digital content tovarious user accounts. The metadata can be stored as part of the digitalcontent or can be stored separately. In one variation, digital contentstored in data storage 112 can be assigned a system-wide uniqueidentifier. In some embodiments, the metadata can include restrictionsassociated with the digital content.

Digital content delivery system 104 can include management module 114configured to manage and access each user account and the digitalcontent assigned to the user accounts. For example, management module114 can be configured to communicate with user account database 110 anddata storage 112 to adjust privileges and otherwise manage access todigital content.

Upon a user logging into their user account from client-side digitalcontent delivery device 106, management module 114 can access theaccount information associated with the user account to identify digitalcontent assigned to the user account, as well as any correspondingrestrictions placed on the digital content. Management module 114 canenable a user to access and/or use the digital content assigned to theuser's account. For example, management module 114 can access the user'saccount to identify digital content identifiers assigned to the useraccount. Management module 114 can use the digital content identifiersto identify and locate the digital content assigned to the user'saccount which can be presented according to the account configurationdata.

Management module 114 can also update the user's profile to update theuser's usage history. Each user's profile can include a usage historyindicating the digital content that the user has accessed and/or used,as well as metadata describing each use. This can include the times atwhich the user accessed and/or used the digital content, as well as anyother usage signal data, such as a number of mobile computing devicespresent during usage, geographic location of the user when accessing thedigital content, client-side digital content delivery device 106 used toaccess the digital content, etc. Management module 114 can access auser's account and update the user's usage history as the user accessesand/or uses digital content to record each use.

As explained above, in network 100, digital content delivery system 104and client-side digital content delivery device 106 can monitor one ormore usage signals to ensure that digital content is not being misusedand, in the event that digital content is potentially being misused,execute one or more remedial actions. Usage signals can be any type ofdata gathered with regard to presenting digital content. For example,usage signals can include the user's usage history, frequency that auser accesses digital content, a number of times the user has accessed aparticular item of digital content (e.g., a particular movie, document,etc.), a number of detected users viewing the digital content, locationof the user when accessing digital content, configuration changes priorto or while accessing digital content, etc.

Digital content delivery system 104 and client-side data detectiondevice 106 can each gather and share usage signal data to determinewhether digital content is potentially being misused and, in the eventthat digital content is potentially being misused, execute one or moreremedial actions. For example, digital content delivery system 104 caninclude digital content misuse management application 116 configured todetermine whether digital content is potentially being misused and, inthe event that digital content is potentially being misused, execute oneor more remedial actions. Likewise, client-side application 108 can beconfigured to determine whether digital content is potentially beingmisused and, in the event that digital content is potentially beingmisused, execute one or more remedial actions. Specific embodiments ofdigital content delivery system 104 and client-side digital contentdelivery device 106 determining whether digital content has been misusedare discussed in greater detail in the discussion of FIGS. 2-XX,

A remedial action can be one or more actions performed with the intentof stopping misuse of digital content. For example, a remedial actioncan include terminating performance of digital content, suspendingperformance of digital content, disabling client-side digital contentdelivery device 106, gathering additional data to determine whether asuspected misuse of digital content is in fact a misuse of the content,etc.

A remedial action can be performed by digital content delivery system104 and/or client-side digital content delivery device 106. As shown,digital content delivery system 104 includes remedial action module 118configure to execute remedial actions. Likewise, client-side digitalcontent delivery device 106 includes remedial action module 120configured to execute remedial actions.

In some embodiments, a remedial action can include terminatingperformance of digital content, which can cause the performance ofdigital content being performed by client-side digital content deliverydevice 106 to end. For example, remedial action module 118 can causedigital content delivery system 104 to stop transmitting (e.g.,streaming, downloading, etc.) the digital content to client-side digitalcontent delivery device 106, thereby terminating performance of thedigital content. As another example, remedial action module 118 cantransmit a command to client-side digital content delivery device 106 tostop performing the digital content. As another example, remedial actionmodule 120 can cause client-side digital content delivery device 106 toterminate performance of the digital content.

In some embodiments, a remedial action can include causing client-sidedigital content delivery device 106 to suspend performance of digitalcontent. In contrast to terminating performance of digital content,suspending performance can include pausing performance of the digitalcontent. This can be for a specified period of time or until a commandis received to resume performance. For example, digital content deliverysystem 104 can transmit a command to client-side digital contentdelivery device 106 to resume performance of the suspended digitalcontent. This can be the result of digital content delivery system 104determining that the digital content is not being misused.

In some embodiments, a remedial action can include disabling client-sidedigital content delivery device 106. Disabling client-side digitalcontent delivery device 106 can cause client-side digital contentdelivery device 106 to be inoperable to perform any function by theuser.

In some embodiments, a remedial action can include gathering additionalinformation to determine whether a suspected misuse of digital contentis in fact a misuse. Remedial action module 118 and/or remedial actionmodule 120 can cause social media activity of one or more usersassociated with client-side digital content delivery device 106 to bescanned to gather information indicating that the user(s) are misusingdigital content. For example, remedial action module 118 and/or remedialaction module 120 can scan a user's social media activity for postingsindicating that the user allowed unauthorized access to digital content(e.g., hosting viewing of movies for large audiences).

In some embodiments, a remedial action can include simply presenting auser with a warning or message indicating that the user is suspected ofmisusing digital content. Although several examples of remedial actionsare given, these are just some examples and are not meant to belimiting.

FIG. 2 shows a block diagram 200 of client-side digital content deliverydevice 106 configured to determine whether digital content is beingmisused based on the location of client-side digital content deliverydevice 106. To avoid obscuring the inventive subject matter withunnecessary detail, various functional components (e.g., modules) thatare not germane to conveying an understanding of the inventive subjectmatter have been omitted from FIG. 2. However, a skilled artisan willreadily recognize that various additional functional components may besupported to facilitate additional functionality that is notspecifically described herein. Furthermore, the various functionalmodules depicted in FIG. 2 may reside on a single computing device ormay be distributed across several computing devices in variousarrangements such as those used in cloud-based architectures.

In some instances, digital content may be associated with geographicbased restrictions that restrict use of the digital content to aspecified geographic location and/or within a specified geographic area.For example, digital content such as confidential work materials mayinclude a geographic restriction that the confidential work materialsonly be accessed within a predetermined distance of a work office. Asanother example, digital content such as a movie with a limited uselicense (e.g., rented movie) may include a geographic restriction thatthe movie only be played within a predetermined distance of a rentinguser's house. Client-side digital content delivery device 106 can beconfigured to monitor the geographic location of client-side digitalcontent delivery device 106 prior to, during and/or after performance ofdigital content and execute a remedial action if the location of theclient-side digital content delivery device 106 is outside of apermitted geographic area.

As shown, client-side digital content delivery device 106 includesgeographic tracking component 202, which can determine the geographiclocation of client-side digital content delivery device 106. Geographictracking component 202 can determine the location of client-side digitalcontent delivery device 106 using any known location tracking techniqueor technology. For example, geographic tracking component 202 candetermine the location of client-side digital content delivery device106 using a Global Positioning System (GPS), control plane locatingtechniques, cellular tower triangulation, real-time locating, satellitetracking, etc.

Client-side application 108 can be configured to gather location datafrom geographic tracking component 202 and use the location data todetermine whether digital content is being misused. Client-sideapplication 108 can include location monitoring module 204 that isconfigured to communicate with geographic tracking component 202 toperiodically gather location data describing the current location ofclient-side digital content delivery device 106.

Location monitoring module 204 can communicate with geographic trackingcomponent 202 to request the current location of client-side digitalcontent delivery device 106 at specified time intervals. For example,location monitoring module 204 can request the current location ofclient-side digital content delivery device 106 every 10 seconds, 20seconds, 1 minute, etc. Location monitoring module 204 can request thecurrent location of client-side data delivery prior to, during, and/orafter client-side application 108 presents digital content.

Location monitoring module 204 can utilize the gathered location data todetermine whether the current location of client-side digital contentdelivery device 106 is within a predetermined geographic area in whichclient-side digital content delivery device 106 is authorized to presentdigital content. Digital content received by client-side digital contentdelivery device 106 from digital content delivery system 104 can includemetadata indicating one or more geographic areas in which client-sidedigital content delivery device 106 is authorized to present the digitalcontent. Client-side digital content delivery device 106 can store thereceived metadata in data storage 206. The metadata can includecoordinate data describing the boundaries of geographic areas whereclient-side digital content delivery device 106 is authorized to presentthe digital content. Alternatively, the metadata can include ageographic coordinate along with a radius indicating an authorizeddistance from the geographic area in which client-side digital contentdelivery device 106 is authorized to present the digital content.

Location monitoring module 204 can access data storage 206 to gather themetadata indicating one or more geographic areas in which client-sidedigital content delivery device 106 is authorized to present the digitalcontent. Location monitoring module 204 can then use the currentlocation of the client-side digital content delivery device 106 and themetadata indicating one or more geographic areas in which client-sidedigital content delivery device 106 is authorized to present the digitalcontent to determine whether the current location of client-side digitalcontent delivery device 106 is within a predetermined geographic area inwhich client-side digital content delivery device 106 is authorized topresent digital content.

In response to determining that client-side digital content deliverydevice 106 is outside of the predetermined geographic area, client-sidedigital content delivery device 106 can execute a remedial action. Asshown, client-side digital content delivery device 106 can includeremedial action module 120, which can perform one or more remedialactions. In response to determining that client-side digital contentdelivery device 106 is outside of the predetermined geographic area,location monitoring module 204 can notify remedial action module 120.Remedial action module 120 can then perform one or more remedial action,such as suspending performance of digital content, disabling client-sidedigital content delivery device 106, etc.

FIG. 3 shows an example method 300 for determining whether digitalcontent is being misused based on the location of a client-side digitalcontent delivery device (e.g., the device 106 of FIGS. 1 and 2). Itshould be understood that there can be additional, fewer, or alternativesteps performed in similar or alternative orders, or in parallel, withinthe scope of the various embodiments unless otherwise stated.

At step 302, a client-side content delivery device receives digitalcontent from a remote server. The remote server can be part of a digitalcontent delivery system (e.g., the digital content delivery system 104).The digital content can be associated with one or more usagerestrictions, such as a geographic restriction that dictates one or morepredetermined geographic areas in which the client-side digital contentdelivery device is authorized to present the digital content.

In some embodiments, the client-side content delivery device canreceive, from the remote server, data identifying the predeterminedgeographic area in which the client-side content delivery device isauthorized to present the digital content. For example, the data can bereceived along with the digital content. Alternatively, the data can bereceived separately from the digital content.

In some embodiments, the predetermined geographic area in which theclient-side content delivery device is authorized to present the digitalcontent is based on a geographic location of a dwelling associated withthe client-side content delivery device. For example, digital contentsuch as a movie rental can be restricted to use within a predeterminedgeographic distance of the renting user's house.

In some embodiments, the predetermined geographic area in which theclient-side content delivery device is authorized to present the digitalcontent is based on a license acquired for the digital content. Digitalcontent such as a movie rental may be limited based on a licensepurchased by the renting user. For example, a basic rental can allow theuser to present the movie within a limited distance of the user's house.Alternatively, a higher cost rental may allow the user to present themovie in a larger venue.

At step 304, the client-side digital content delivery device determinesa current location of the client-side digital content delivery device.The client-side digital content delivery device can determine thecurrent location of the client-side digital content delivery deviceusing any known technique and or technology. For example, in someembodiments, the client-side digital content delivery device candetermine the current location of the client-side digital contentdelivery device using a Global Positioning Service (GPS). As anotherexample, the client-side digital content delivery device can determinethe current location of the client-side digital content delivery deviceusing cellular tower triangulation techniques.

At step 306, the client-side digital content delivery device determines,based on the current location of the client-side digital contentdelivery device, that the client-side digital content delivery device isoutside of a predetermined geographic area in which the client-sidedigital content delivery device is authorized to present the digitalcontent.

At step 308, the client-side digital content delivery device executes aremedial action in response to determining that the client-side digitalcontent delivery device is outside of the predetermined geographic area.For example, the client-side digital content delivery device canterminate performance of the digital content, disable the client-sidedigital content delivery device, suspend performance of the digitalcontent, etc.

FIG. 4 shows a block diagram 400 of client-side digital content deliverydevice 106 configured to determine whether digital content is beingmisused based on a number of mobile computing devices detected byclient-side digital content delivery device 106. To avoid obscuring theinventive subject matter with unnecessary detail, various functionalcomponents (e.g., modules) that are not germane to conveying anunderstanding of the inventive subject matter have been omitted fromFIG. 4. However, a skilled artisan will readily recognize that variousadditional functional components may be supported to facilitateadditional functionality that is not specifically described herein.Furthermore, the various functional modules depicted in FIG. 4 mayreside on a single computing device or may be distributed across severalcomputing devices in various arrangements such as those used incloud-based architectures.

In some instances, digital content can be associated with restrictionson the number of users that may view the digital content. For example,digital content such as personal information can be intended for use bya limited number of people. Accordingly, personal information may have arestriction on the number of people that can view the personal data. Asanother example, digital content such as a movie with a limited uselicense (e.g., rented movie) may include a restriction on the number ofusers that are allowed to view the rented movie. Client-side digitalcontent delivery device 106 can be configured to monitor the number ofnearby users during performance of digital content and execute aremedial action if the number of users exceeds a threshold allowablenumber of users.

As shown, client-side digital content delivery device 106 includesdevice detection component 402. Device detection component 402 can beconfigured to detect a number of mobile computing devices (e.g., cellphones, tablets, etc.) that are within a geographic distance ofclient-side digital content delivery device 106. Device detectioncomponent 402 can detect the number of mobile computing device using oneor more techniques. For example, in some embodiments, device detectioncomponent 402 can scan a home network, such as a Wi-Fi network, todetermine the number of mobile computing devices that are connected tothe home network. As another example, device detection component 402 canscan for short wave connectivity signals (e.g., Bluetooth signals) beingemitted by mobile computing devices.

As shown, client-side application 108 can include device monitoringmodule 404. Device monitoring module 404 can be configured tocommunicate with device detection component 402 to request the numberdetected mobile computing devices and determine, based on the number ofdetected mobile computing devices, whether a number of users viewing thedigital content exceeds a threshold number of authorized usersassociated with the digital content.

Device monitoring module 404 can communicate with device detectioncomponent 402 at specified time intervals to request the number ofdetected mobile computing devices. For example, device detection module404 can transmit a request every 10 seconds, 20 seconds, 1 minute, etc.Device monitoring module 404 can request the number of detected mobilecomputing devices prior to, during and/or after client-side application108 is presenting digital content.

Device monitoring module 404 can utilize the number of detected mobilecomputing devices to determine whether a number of users viewing thedigital content exceeds a threshold number of authorized usersassociated with the digital content. Device monitoring module 404 candetermine the number of users viewing the digital content based on anassumption that most users own and regularly carry a mobile computingdevice, such as a mobile phone. Accordingly, device monitoring module404 can determine the number of users viewing the digital content basedon the number of mobile computing devices detected by device detectioncomponent 402. For example, device monitoring module 404 can determinethat each detected mobile computing device indicates a unique userviewing the digital content.

In some embodiments, device monitoring module 404 can determine thenumber of users viewing the digital content based on the type of mobilecomputing devices detected by device detection component 402 in someinstances, a single user may have multiple mobile computing devices,such as a smartphone, tablet and/or laptop computer. While a user mayhave multiple mobile computing devices with them, generally a usercarries only a single mobile phone. Accordingly, in some embodiments,device monitoring module 404 can determine the number of users viewingthe digital content based on the number of mobile phones that aredetected by device detection component 402, rather than the overallnumber of mobile computing devices detected by device detectioncomponent 402.

Device monitoring module 404 can determine the type of mobile computingdevices using any known technique. For example, device monitoring module404 can gather metadata from the detected mobile computing devices thatindicate the type of mobile computing device, such as a deviceidentifier that can be used to discern the mobile computing device type.In some instances, a mobile computing device may include a descriptivename indicating the mobile computing type, such as “Bob's Phone” or“Bob's Tablet.” Device monitoring module 404 can request the device namefrom each detected mobile computing device and analyze the device namesto determine the mobile computing device type.

Digital content received by client-side digital content delivery device106 from digital content delivery system 104 can include metadataindicating a number of authorized users authorized to view the digitalcontent. Client-side digital content delivery device 106 can store thereceived metadata in data storage 206. Device monitoring module 404 canaccess data storage 206 to gather the metadata indicating the number ofauthorized users authorized to view the digital content. Devicemonitoring module 404 can then use the metadata to determine whether thenumber of users viewing the digital content exceeds the threshold numberof authorized users associated with the digital content.

In response to determining that the number of users viewing the digitalcontent exceeds the threshold number of authorized users associated withthe digital content, client-side digital content delivery device 106 canexecute a remedial action. As shown, client-side digital contentdelivery device 106 can include remedial action module 120, which canperform one or more remedial actions. Device monitoring module 404 cannotify remedial action module 120 that the number of users viewing thedigital content exceeds the threshold number of authorized usersassociated with the digital content. Remedial action module 120 can thenperform one or more remedial action, such as suspending performance ofdigital content,disabling client-side digital content delivery device106, etc.

FIG. 5 shows an example method 500 for determining whether digitalcontent is being misused based on a number of mobile computing devicesdetected by a client-side digital content delivery device. It should beunderstood that there can be additional, fewer, or alternative stepsperformed in similar or alternative orders, or in parallel, within thescope of the various embodiments, unless otherwise stated.

At step 502, the client-side digital content delivery device (e.g., thedevice 106) presents digital content that was received from a remoteserver. The remote server can be part of a digital content deliverysystem (e.g., the system 104). The digital content can be associatedwith one or more usage restrictions, such as a restriction that dictatesa number of users that are authorized to view the digital content.

In some embodiments, the client-side content delivery device canreceive, from the remote server, data identifying the number ofauthorized users associated with the digital content. For example, thedata can be received along with the digital content. Alternatively, thedata can be received separately from the digital content.

In some embodiments, the number of authorized users is based on a numberof known residents of a dwelling associated with the client-side digitalcontent delivery device. For example, digital content such as a movierental can be restricted to use by a renting user and his/her immediatefamily.

In some embodiments, the number of authorized users is based on alicense acquired for the digital content. Digital content such as amovie rental may be limited based on a license purchased by the rentinguser. For example, a basic rental can allow a user to view the moviewith their immediate family members. Alternatively, a higher cost rentalmay allow the user to present the movie to a larger group.

At step 504, the client-side digital content delivery device detects anumber of mobile computing devices that are within a geographic distanceof the client-side digital content delivery device. For example, theclient-side digital content delivery device can detect the number ofmobile computing devices by scanning a home network for mobile computingdevices that are connected to the home network via Wi-Fi. As anotherexample, the client-side digital content delivery device can detect thenumber of mobile computing devices by scanning for mobile computingdevices that are emitting a Bluetooth signal.

At step 506, the client-side digital content delivery device determines,based on the number of mobile computing devices that are within thegeographic distance of the client-side digital content delivery device,that a number of users viewing the digital content exceeds a thresholdnumber of authorized users associated with the digital content. In someembodiments, the client-side digital content delivery device can assumethat a unique user is viewing the digital content for each mobilecomputing device detected. Alternatively, in some embodiments, theclient-side digital content delivery device can assume that a uniqueuser is viewing the digital content for each mobile computing devicedetected that is of a specified type, such as a mobile phone.

At step 508, the client-side digital content delivery device executes aremedial action in response to determining that the number of usersviewing the digital content exceeds the threshold number of authorizedusers associated with the digital content. For example, the client-sidedigital content delivery device can terminate performance of the digitalcontent, disable the client-side digital content delivery device,suspend performance of the digital content, etc.

FIG. 6 shows a block diagram 600 of client-side digital content deliverydevice 106 configured to limit use of digital content to anauthenticated viewing device. To avoid obscuring the inventive subjectmatter with unnecessary detail, various functional components (e.g.,modules) that are not germane to conveying an understanding of theinventive subject matter have been omitted from FIG. 6. However, askilled artisan will readily recognize that various additionalfunctional components may be supported to facilitate additionalfunctionality that is not specifically described herein. Furthermore,the various functional modules depicted in FIG. 6 may reside on a singlecomputing device or may be distributed across several computing devicesin various arrangements such as those used in cloud-based architectures.

In some embodiments, client-side digital content delivery device 106 canbe restricted to use with an authorized viewing device. For example, inembodiments where client-side digital content delivery device 106 is aset-top box, client-side digital content delivery device 106 can berestricted for use with an authorized viewing device, such as atelevision, monitor, etc. As a result, digital content presented byclient-side digital content delivery device 106 can be restricted tospecified areas. For example, digital content such as confidential workmaterials can be restricted to a display located in a conference room ata company office. As another example, digital content such as a movierental can be restricted to use on a renting user's television.

In some embodiments, a viewing device can be designated as an authorizedviewing device upon initially being paired with client-side digitalcontent delivery device 106 (e.g., a physical connection is made betweenclient-side digital content delivery device 106 and the viewing deviceusing a cable). If the pairing between client-side digital contentdelivery device 106 and the authorized viewing device is broken (e.g.,the physical cable is disconnected) and/or client-side digital contentdelivery device 106 is paired to a different viewing device that is notauthorized, client-side digital content delivery device 106 can executea remedial action.

As shown in FIG. 6, client-side application 108 includes authorizationmodule 602. Authorization module 602 can be configured to authorize aviewing device to present digital content received by client-sidedigital content delivery device 106 from digital content delivery system104. Authorization module 602 can detect that client-side digitalcontent delivery device 106 is paired to a viewing device. For example,authorization module 602 can determine that a connection has been madebetween client-side digital content delivery device 106 and the viewingdevice. The connection can be a physical connection (e.g., a cordconnected to client-side digital content delivery device 106 and theviewing device) or a wireless connection (e.g., a Bluetooth or otherwireless connection).

Upon detecting that a viewing device is paired to client-side digitalcontent delivery device 106, authorization module 602 can designate theviewing device as an authorized viewing device. For example,authorization module 602 can communicate with the viewing device togather a device identifier identifying the viewing device. Authorizationmodule 602 can record the device identifier in data storage 206 toindicate that the viewing device is authorized to present digitalcontent received by client-side digital content delivery device 106 fromdigital content delivery system 104.

Client-side digital content delivery device 106 can reference the deviceidentifier stored in data storage 206 to ensure that a viewing devicepaired with client-side digital content delivery device 106 isauthorized to present digital content. Client-side digital contentdelivery device 106 can include authorization checking module 604configured to ensure that a viewing device paired with client-sidedigital content delivery device 106 is authorized to present digitalcontent. For example, prior to client-side digital content deliverydevice 106 presenting digital content on a viewing device paired toclient-side digital content delivery device 106, authorization checkingmodule 604 can request an identifier from the viewing device paired toclient-side digital content delivery device 106 and compare it to therecorded device identifier in data storage 206. If authorizationchecking module 604 determines that the device identifier received fromthe viewing device paired to client-side digital content delivery device106 matches the recorded device identifier, authorization checkingmodule 604 can allow the digital content to be presented on the viewingdevice. Alternatively, if authorization checking module 604 determinesthat the device identifier received from the viewing device paired toclient-side digital content delivery device 106 does not match therecorded device identifier, remedial action module 120 can execute oneor more remedial actions.

The number of viewing devices that can be authorized with client-sidedigital content delivery device 106 can be limited to a maximumallowable number. For example, client-side digital content deliverydevice 106 can be limited to a maximum of 1, 2, 3, etc., authorizedviewing device.

In situations where the maximum number of viewing devices authorizedwith client-side digital content delivery device 106 has already beenmet, the user can be required to request approval to remove one or moreof the authorized viewing devices to authorize a new viewing device tobe authorized. For example, a user may be required to call or otherwisecontact an administrator associated with digital content delivery system104 to request that one or more authorized viewing devices beunauthorized so that a new viewing device can be authorized.

If the user's request is approved, digital content delivery system 104can transmit a message to client-side digital content delivery device106 indicating that the request has been approved. The message can causeclient-side digital content delivery device 106 to unauthorize one ormore viewing devices. For example, authorization module 602 can deletethe recorded device identifiers from data storage 206.

In some embodiments, client-side digital content delivery device 106 canbe configured to monitor the connection between client-side digitalcontent delivery device 106 and an authorized viewing device that ispaired to client-side digital content delivery device 106 to determinewhether the connection is broken at any time. For example, afterdetecting that client-side digital content delivery device 106 is pairedwith a viewing device, authorization module 602 can monitor theconnection to ensure that it remains intact (e.g., the physical cordremains connected to both client-side digital content delivery device106 and the viewing device). In response to authorization module 602detecting that client-side digital content delivery device 106 has beenunpaired from the viewing device (i.e., the connection betweenclient-side digital content delivery device 106 and the viewing devicehas been broken), remedial action module 120 can execute a remedialaction.

FIG. 7 shows an example method 700 for limiting use of digital contentto an authenticated viewing device. It should be understood that therecan be additional, fewer, or alternative steps performed in similar oralternative orders, or in parallel, within the scope of the variousembodiments unless otherwise stated.

At step 702, the client-side digital content delivery device (e.g.,device 106) detects that the client-side digital content delivery deviceis paired to a viewing device. Detecting that the client-side contentdelivery device is paired to a viewing device can include detecting thata physical cord has been connected to the client-side digital contentdelivery device and the viewing device. For example, the physical cordcan be a High Definition Multimedia Interface (HDMI) cord. Detectingthat the client-side digital content delivery device is paired to aviewing device can also include determining that the client-side digitalcontent delivery device has established a wireless connection with theviewing device utilizing a communication protocol. For example, thecommunication protocol can be Bluetooth.

After the client-side digital content delivery device is paired to theviewing device, the client-side digital content delivery device candesignate the viewing device as an authorized viewing device, therebyenabling the client-side digital content delivery device to causedigital content received from a remote server (e.g., digital contentdelivery system 104) to be presented on a display of the viewing device.For example, the client-side digital content delivery device canreceive, from the viewing device, a unique identifier for the viewingdevice. The client-side digital content delivery device can record theunique identifier in a memory (e.g., data storage) of the client-sidedigital content delivery device.

At step 704, the client-side digital content delivery device detectsthat the client-side content delivery device has been unpaired from theviewing device. For example, the client-side digital content deliverydevice can detect that a physical cord (e.g., HDMI cord) has beenunconnected from either the client-side digital content delivery deviceor the viewing device. As another example, the client-side digitalcontent delivery device can detect that a wireless connection (e.g.,Bluetooth) between the client-side digital content delivery device andthe viewing device has been terminated.

In some embodiments, the client-side digital content delivery device canuse the unique identifier recorded in memory to detect that theclient-side content delivery device has been unpaired from the viewingdevice. For example, the client-side content delivery device can requesta unique identifier from a viewing device paired to the client-sidedigital content delivery device. The client-side content delivery devicecan compare the received unique identifier to the unique identifierrecorded in the memory of the client-side digital content deliverydevice. If the unique identifier received from the viewing device doesnot match the device identifier stored in the memory, the client-sidedigital content delivery device can determine that the client-sidedigital content delivery device has been unpaired from the authorizedviewing device.

At step 706, the client-side digital content delivery device executes aremedial action in response to detecting that the client-side digitalcontent delivery device has been unpaired from the viewing device. Forexample, the client-side digital content delivery device can terminateperformance of the digital content, disable the client-side digitalcontent delivery device, suspend performance of the digital content,etc.

FIG. 8 shows an example system 800 configured to determine whetherdigital content is being misused. To avoid obscuring the inventivesubject matter with unnecessary detail, various functional components(e.g., modules) that are not germane to conveying an understanding ofthe inventive subject matter have been omitted from FIG. 8. However, askilled artisan will readily recognize that various additionalfunctional components may be supported to facilitate additionalfunctionality that is not specifically described herein. Furthermore,the various functional modules depicted in FIG. 8 may reside on a singlecomputing device or may be distributed across several computing devicesin various arrangements such as those used in cloud-based architectures.

In some embodiments, digital content can be associated with an intendedrecipient that is authorized to access the digital content. For example,personal and/or confidential data (i.e., social security number and/ormedical records) can be associated with a specified user, such as theowner of the social security number, a doctor, a loan officer, etc.Client-side digital content delivery device 106 and digital contentdelivery system 104 can be configured to monitor the location of one ormore authorized users to ensure that the authorized user(s) is presentduring presentation of digital content The authorized user being presentcan indicate that the digital content is not being misused. In the eventthat the authorized user(s) is determined to not be present duringpresentation of the digital content, it can be assumed that the digitalcontent is being misused and remedial actions can be executed.

To determine whether an authorized user is present during presentationof digital content, client-side digital content delivery device 106 canpresent sonic signals during presentation of the digital content. Asonic signal, upon being detected by an authorized user's mobilecomputing device (i.e., mobile computing device 802), can cause mobilecomputing device 802 to transmit a confirmation message to digitalcontent delivery system 104 confirming that mobile computing device 802detected the sonic signal. If a threshold number of sonic signals arenot confirmed by mobile computing device 802, digital content deliverysystem 104 can determine that the authorized user is not present and aremedial action can be executed.

As shown, client-side application 108 can include sonic signal module804, which can generate and present sonic signals. A sonic signal can beany type of signal that can be detected by a microphone of mobilecomputing device 802. For example, a sonic signal can be an acousticfingerprint that can be presented along with or embedded within digitalcontent. Sonic signal module 804 can present one or more sonic signals,prior to, during and/or after presentation of digital content.

A sonic signal, upon being detected by mobile computing device 802, cancause mobile computing device 802 to transmit a confirmation message todigital content delivery system 104 confirming that mobile computingdevice 802 detected the sonic signal. For example, mobile computingdevice 802 can communicate with digital content delivery system 104 viacommunication network 102.

Sonic signal module 804 can present sonic signals according to anyschedule, such as according to specified time intervals, atpredetermined points during presentation of the digital content, etc. Insome embodiments, client-side digital content delivery device 106 canreceive a schedule for presenting the sonic signals from digital contentdelivery system 104, which can be stored in data storage 206. Forexample, digital content delivery system 104 can include sonic signalmanagement module 806 that is configured to provide the scheduleclient-side digital content delivery device 106. Once stored in datastorage 206, sonic signal module 804 can access the stored schedule andpresent the sonic signals according to the received schedule.

In some embodiments, digital content received from digital contentdelivery system 104 can include data indicating when sonic signal module804 should present a sonic signal. In another embodiment, sonic signalmodule 804 can present sonic signals in response to receiving a commandfrom digital content delivery system 104. For example, sonic signalmanagement module 806 transmits commands to client-side digital contentdelivery device 106 to present a sonic signal. In response to receivingthe command, sonic signal module 804 can cause client-side digitalcontent delivery device 106 to present a sonic signal.

In some embodiments, the sonic signals can be embedded with a code. Forexample, the code can include data identifying digital content deliverysystem 104 that client-side digital content delivery device 106 can useto transmit the authorization message. The code can also include anidentifier identifying the digital content and/or client-side digitalcontent delivery device 106. As another example, the code can include aunique confirmation code that was received from digital content deliverysystem 104. Mobile computing device 802 can transmit some or all of theembedded code to digital content delivery system 104 as part of theconfirmation message.

Digital content delivery system 104 can be configured to monitorconfirmation messages received from client-side digital content deliverydevice 106 and determine whether a number of unconfirmed sonic signalsmeets or exceeds a threshold number of allowable unconfirmed sonicsignals. An unconfirmed sonic signal can be a sonic signal presented byclient-side digital content delivery device 106 that mobile computingdevice 802 did not confirm detecting (i.e., a sonic signals presented bythe client-side digital content delivery device 106 that did not resultin mobile computing device 802 transmitting a confirmation message todigital content delivery system 104).

Sonic signal management module 806 can determine whether a sonic signalis unconfirmed. For example, sonic signal management module 806 candetermine that a sonic signal is unconfirmed if a threshold amount oftime has elapsed after the sonic signal was presented by client-sidedigital content delivery device 106 and a corresponding confirmationmessage has not been received from mobile computing device 802.

Sonic signal management module 806 can determine whether the number ofunconfirmed sonic signals exceeds a threshold number of allowableunconfirmed sonic signals. If the number of unconfirmed sonic signalsdoes exceed the threshold number of allowable unconfirmed sonic signals,digital content misuse management application 116 can execute a remedialaction and/or transmit a notification to client-side digital contentdelivery device 106 to execute a remedial action. As shown, digitalcontent misuse management application 116 includes remedial actionmodule 118, which can execute one or more remedial actions.

In some embodiments, the number of unconfirmed sonic signals can bebased on each unconfirmed sonic signal presented by client-side digitalcontent delivery device 106. Alternatively, the number of unconfirmedsonic signals can be based on sonic signals presented by client-sidedigital content delivery device 106 with relation to presentation of asingle digital data item (e.g., presentation of a movie). For example,the number of unconfirmed sonic signals can indicate the number ofunconfirmed sonic signals detected shortly prior to, during and/orshortly after presentation of the movie. As another example, the numberof unconfirmed sonic signals can indicate the number of unconfirmedsonic signals detected during a predetermined time period, such asduring the previous 10 minutes, 20 minutes, etc.

In some embodiments, client-side digital content delivery device 106 cancause mobile computing device 802 to initiate a sonic signal detectionmode. Once in sonic signal detection mode, mobile computing device 802can actively listen for sonic signals presented by client-side digitalcontent delivery device 106 and transmit confirmation messages todigital content delivery system 104. To initiate sonic signal detectionmode, sonic signal module 804 can present a visible code that can bedetected by mobile computing device 802. For example, the visible codecan be a Quick Response (QR) code presented on a display. A user ofmobile computing device 802 can take a picture or otherwise cause anoptical sensor of mobile computing device 802 to detect the visiblecode.

The visible code can cause mobile computing device 802 to initiate sonicsignal detection mode, during which one or more microphones of mobilecomputing device 802 will be active to detect sonic signals presented byclient-side digital content delivery device 106. In some embodiments,the visible code can further cause mobile computing device 802 totransmit data to digital content delivery system 104. For example, thevisible code can cause mobile computing device 802 to transmit anidentifier associated with mobile computing device 802 and/or anidentifier for client-side digital content device 106 to digital contentdelivery system 104. Management module 114 can use the received data toconfirm that mobile computing device 802 has initiated sonic signaldetection mode as well as to identify confirmation messages from mobilecomputing device 802.

FIG. 9 shows an example method 900 for determining whether digitalcontent is being misused. It should be understood that there can beadditional, fewer, or alternative steps performed in similar oralternative orders, or in parallel, within the scope of the variousembodiments unless otherwise stated. 1001521 At step 902, a client-sidedigital content delivery device (e.g., the device 106) receives digitalcontent from a remote computing system (i.e., a digital content deliverysystem 104).

At step 904, the client-side digital content delivery deviceperiodically presents sonic signals to confirm that a mobile computingdevice of a user authorized with the client-side digital contentdelivery device is within a desired geographic distance of theclient-side content delivery device. Each sonic signal, upon beingdetected by the mobile computing device, can cause the mobile computingdevice to transmit a confirmation message to the remote computing systemconfirming that the mobile computing device detected the sonic signal.

Each sonic signal can be embedded with a code. The mobile computingdevice can include the code in the confirmation message to the remotecomputing system confirming that the mobile computing device detectedthe sonic signal. In some embodiments, the code embedded in the sonicsignal can be varied. For example, the digital content delivery systemcan present a first sonic signal embedded with a first code, and thenpresent a second sonic signal embedded with a second code that isdifferent than the first code.

At step 906, the client-side digital content delivery device receives anotification that a number of unconfirmed sonic signals exceeds athreshold number of allowable unconfirmed sonic signals. The number ofunconfirmed sonic signals can indicate a number of sonic signalspresented by the client-side digital content delivery device that themobile computing device did not confirm detecting. This number ofunconfirmed sonic signals can include all unconfirmed sonic signals or,alternatively, a subset of the unconfirmed sonic signals. For example,the subset of the unconfirmed sonic signals can be the unconfirmed sonicsignals that occurred within a predetermined time period (e.g., last 5minutes, 10 minutes, etc.). As another example, the subset of theunconfirmed sonic signals can be the unconfirmed sonic signalsassociated with presentation of a singular digital content item (e.g.,unconfirmed sonic signals that occurred prior, during and/or afterpresentation of a singular movie).

At step 908, the client-side digital content delivery device executes aremedial action in response to receiving the notification that thenumber of unconfirmed sonic signals exceeds the threshold number ofallowable unconfirmed sonic signals. For example, the client-sidedigital content delivery device can terminate performance of the digitalcontent, disable the client-side digital content delivery device,suspend performance of the digital content, etc.

FIG. 10 shows a block diagram 1000 of digital content delivery system104 configured to determine whether content is being misused. To avoidobscuring the inventive subject matter with unnecessary detail, variousfunctional components (e.g., modules) that are not germane to conveyingan understanding of the inventive subject matter have been omitted fromFIG. 10. However, a skilled artisan will readily recognize that variousadditional functional components may be supported to facilitateadditional functionality that is not specifically described herein.Furthermore, the various functional modules depicted in FIG. 10 mayreside on a single computing device or may be distributed across severalcomputing devices in various arrangements such as those used incloud-based architectures.

In some embodiments, misuse of digital content can be inferred based ona user's usage history. A user repeatedly accessing the same digitalcontent item, such as a movie rental, or accessing digital content inconsistent patterns, may be misusing the content. For example, a userrepeatedly accessing the same digital content item may be misusing thedigital content item by presenting the digital content item in violationof the license acquired for the digital content (e.g., for commercialgain). Digital content delivery system 104 can monitor usage of digitalcontent to identify activity and/or patterns that indicate that thecontent is being misused, in which case digital content delivery system104 can execute one or more remedial actions.

As shown, digital content misuse management application 116 can includeusage monitoring module 1002. Usage monitoring module 1002 can monitorusage of digital content by various users. For example, usage monitoringmodule 1002 can communicate with user account database 110 to access thevarious user accounts stored by user account database 110, as well asanalyze the usage histories for each user account. Usage monitoringmodule 1002 can determine, based on the usage history of a user, whetherdigital content is being misused by the user and, if so, execute one ormore remedial actions.

In some embodiments, usage monitoring module 1002 can determine whetherdigital content is being misused based on the number of times thatdigital content has been accessed by a user. For example, usagemonitoring module 1002 can determine, based on the usage history of auser, the number of times that the user has accessed digital content.This can include the number of times the user has accessed digitalcontent using a client-side digital content delivery device (e.g.,client-side digital content delivery device 106) to access digitalcontent.

Usage monitoring module 1002 can determine whether the number of timesthat the user has accessed digital content meets or exceeds a thresholdnumber of times the user is permitted to access digital content. Ifusage monitoring module 1002 determines that the number of times thatthe user has accessed digital content meets or exceeds the thresholdnumber, usage monitoring module 1002 can notify remedial action module118, which can execute one or more remedial actions.

In some embodiments, the number of times that the user has accesseddigital content can be based on the total number of times the user hasaccessed digital content, including various digital content types (e.g.,movies, music, text files, etc.) and without any time limitations.Alternatively, in some embodiments, the number of times that the userhas accessed digital content can be based on the user's usage duringspecified time periods and/or usage with respect to specified contenttypes. For example, the number of times that the user has accesseddigital content can be based on the user's usage over the previous day,week, or month. As another example, the number of times that the userhas accessed digital content can be based on the user's usage duringspecified times of the day, such as between 6 pm-10 pm, or duringspecified days of the week, such as Friday-Sunday.

In some embodiments, the number of times that the user has accesseddigital content can be based on a digital content type. For example, thenumber of times that the user has accessed digital content can be thenumber of times that the user has accessed one or more specified digitalcontent types, such as movie rentals, confidential work data, etc. Asanother example, the number of times that the user has accessed digitalcontent can be based on a specific digital content item. For example,the number of times that the user has accessed digital content canindicate the number of times the user accessed a specific movie rental,confidential file, etc.

In some embodiments, usage monitoring module 1002 can determine whetherdigital content is being misused based on detected patterns in usagedata. For example, patterns such as a user accessing a similar or samesequence of digital content at same or similar times can indicate that auser is misusing the digital content. For example, a user that accessesthe same sequence of movie rentals each Friday and Saturday night may bemisusing the digital content item by presenting the digital content itemin violation of the license acquired for the digital content (e.g., forcommercial gain).

Usage monitoring module 1002 can analyze a usage history to determinewhether digital content is being misused according to a schedule. Forexample, usage monitoring module 1002 can analyze the usage history fora user according to set time intervals (e.g., hourly, daily, weekly,etc.). Usage monitoring module 1002 can further analyze the usagehistory for a user in response to the user accessing and/or requestingto access a digital content item. For example, in response to digitalcontent delivery system 104 receiving a request from client-side digitalcontent delivery device 106 to access digital content, usage monitoringmodule 1002 can analyze the usage history for a user associated withclient-side digital content delivery device 106. If usage monitoringmodule 1002 determines that the user is misusing digital content,digital content delivery system 104 can deny the request to accessdigital content. Remedial action module 118 can further execute one ormore remedial actions.

FIG. 11 shows an example method 1100 for determining whether digitalcontent is being misused. It should be understood that there can beadditional, fewer, or alternative steps performed in similar oralternative orders, or in parallel, within the scope of the variousembodiments unless otherwise stated.

At step 1102, the digital content delivery system (e.g., the digitalcontent delivery system 104) receives a request from a client-sidecomputing device (e.g., a client-side content delivery device 106) toaccess digital content maintained by the digital content deliverysystem.

At step 1104, the digital content delivery system determines that anumber of times the client-side computing device has accessed digitalcontent meets or exceeds a threshold number of times the client-sidecomputing device is permitted to access digital content. The digitalcontent delivery system can determine the number of times theclient-side computing device has accessed digital content by reviewing ausage history associated with the client-side computing device. Theusage history can include a listing of access requests received from theclient-side computing device for digital content.

In some embodiments, the number of times the client-side computingdevice has accessed digital content can be a number of times theclient-side computing device has accessed digital content during a timeperiod. For example, the time period can be a previous hour, day, week,month, etc. As another example, the time period can be a recurring timeperiod, such as Fridays and Saturdays. In this type of embodiment, thedigital content delivery system can review the usage history to identifythe number of times digital content has been accessed during the timeperiod.

In some embodiments, the number of times the client-side computingdevice has accessed digital content is a number of times the client-sidecomputing device has accessed a specific digital content item that isbeing requested in the request received from the client-side computingdevice. For example, the request received from the client-side computingdevice can be for a specific digital content item such as a specificmovie. In this type of embodiment, the digital content delivery systemcan review the usage history to identify the number of times thespecific digital content item (e.g., movie) has been accessed.

At step 1106, the digital content delivery system denies the request andexecutes a remedial action in response to determining that the number oftimes the client-side computing device has accessed digital contentmeets or exceeds the threshold number. For example, the digital contentdelivery system can cause the client-side digital content deliverydevice to be temporarily disabled, suspend performance of digitalcontent, etc.

FIG. 12 shows a block diagram 1200 of digital content delivery system104 configured to cluster usage signal data to determine whether digitalcontent is being misused. To avoid obscuring the inventive subjectmatter with unnecessary detail, various functional components (e.g.,modules) that are not germane to conveying an understanding of theinventive subject matter have been omitted from FIG. 12. However, askilled artisan will readily recognize that various additionalfunctional components may be supported to facilitate additionalfunctionality that is not specifically described herein. Furthermore,the various functional modules depicted in FIG. 12 may reside on asingle computing device or may be distributed across several computingdevices in various arrangements such as those used in cloud-basedarchitectures.

In some embodiments, digital content delivery system 104 can analyzeusage signal data describing digital content usage for a plurality ofuser accounts to identify user accounts that are likely to misusedigital content. For example, digital content delivery system 104 canuse a clustering algorithm, such as a k-means clustering algorithm, togenerate a set of digital content usage clusters based on a set of datapoints that each correspond to a unique user account and/or client-sidedigital content delivery device 106. Each data point can be determinedbased on usage data describing digital content usage by the user accountand/or client-side digital content delivery device 106 represented bythe data point. Digital content delivery system 104 can analyze theresulting digital content usage clusters to identify data points thatare outliers, which may indicate misuse of digital content by the useraccount represented by the outlier data point.

In some embodiments, digital content delivery system 104 can utilizeusage signal data describing digital content usage of known violatinguser accounts (i.e., user accounts known to have misused digitalcontent) to identify other user accounts that may likely misuse digitalcontent. For example, digital content delivery system 104 can use aclustering algorithm, such as a k-means clustering algorithm, togenerate a set of known violator usage clusters based on a set of datapoints that each correspond to a unique violating user account that isknown to have misused digital content. Each data point can be determinedbased on usage data describing digital content usage by the violatinguser account. Digital content delivery system 104 can analyze theresulting known violator usage clusters to identify data points that arewithin a predetermined distance of the center of a known violator usagecluster, which may indicate misuse of digital content by the useraccount represented by the identified data point.

As shown, digital content misuse management application 116 can includeclustering module 1202 and analysis module 1204. Clustering module 1202can be configured to generate clusters based on usage data signals.Analysis module 1204 can be configured to analyze the resulting clustersto identify user accounts that are potentially misusing digital content.

Clustering module 1202 can gather usage signal data from user accountdatabase 110, including data describing users (e.g., address, paymentinformation, gender, a number of known family member residing in adwelling of the user, etc.), history data (e.g., a digital contentaccessed by the user, a number of times digital content was accessed, afrequency at which digital content was accessed, times when digitalcontent was accessed, digital content items accessed by the user, etc.),and data received from client-side digital content delivery device 106(e.g., number of mobile computing devices detected during presentationof digital content, the location of client-side digital content deliverydevice 106 during presentation of digital content, etc.).

Clustering module 1202 can use the usage signal data to generate a setof data points that represent the user accounts. For example, clusteringmodule 1202 can use usage signal data describing digital content usageassociated with a user account to generate a data point representing theuser account. Clustering module 1202 can perform this process formultiple user accounts, resulting in the set of data points, in whicheach data point represents a unique one of the user accounts.

Clustering module 1202 can use a clustering algorithm, such as a k-meansalgorithm, to generate digital content usage clusters from the set ofdata points. Although a centroid-based algorithm is used as an example,clustering module 1202 can use any known clustering method to generatethe digital content usage clusters. For example, in some embodiments,clustering module 1202 can be configured to use any of ahierarchical-based clustering algorithm, connectivity-based clusteringalgorithm, distribution-based clustering algorithm, density-basedclustering algorithm, etc. Further, other centroid-based clusteringalgorithms can be used. For example, clustering module 1202 can use anyof a fuzzy C-means clustering algorithm, spherical k-means algorithm,Minkowski metric weighted k-means algorithm, etc.

Analysis module 1204 can analyze the resulting digital content usageclusters to identify user accounts that are likely to misuse digitalcontent. The digital content usage clusters can indicate common digitalcontent usage amongst multiple user accounts. For example, the center ofeach digital content usage cluster can indicate a digital content usageprofile for the user accounts represented by the digital content usagecluster. Accordingly, a data point located near the center of a digitalcontent usage cluster can indicate that the digital content usage of theuser account represented by the data point is in line with the digitalcontent usage of the other user accounts represented by the digitalcontent usage cluster. Conversely, a data point that is located far fromthe center of a digital content usage cluster can indicate that thedigital content usage of the user account represented by the data pointis out of line with the digital content usage of the other user accountsrepresented by the digital content usage cluster.

Analysis module 1204 can analyze the digital content usage clusters toidentify data points that are outliers. An outlier can be a data pointthat is at least a threshold distance away from the center of a closestdigital content usage cluster. As another example, an outlier can be adata point determined to be included in a set of data points that arefarthest away from the center of a closest digital content usagecluster. Analysis module 1204 can determine the distance between a datapoint and the center of a nearest digital content usage cluster todetermine if the data point is an outlier.

In response to analysis module 1204 determining that a data point is anoutlier, remedial action module 118 can execute a remedial action withrespect to the user account represented by the data point. For example,remedial action module 118 can cause a client-side digital contentdelivery device (e.g., digital content delivery device 106) associatedwith the user account to suspend performance of digital content.

Some digital content usage clusters may be deemed to provide a poorrepresentation of common digital data usage. Hence, in some embodiments,analysis module 1204 can determine data points that are outliers basedon a subset of the digital content usage clusters that are determined tomeet a threshold quality level. In this type of embodiment, analysismodule 1204 can initially determine a subset of the digital contentusage clusters that meet the quality threshold level. Analysis module1204 can then determine whether a data point is an outlier based on thedistance between the data point and the center of a closest digitalcontent usage cluster from the subset of digital content usage clustersdetermined to meet the threshold quality level.

Whether a digital content usage cluster meets a quality threshold levelcan be based on one or more factors. For example, the quality thresholdlevel can be based on the number of data points included in the cluster,the density of the cluster, the overall size of the cluster, etc.

In some embodiments, usage signal data from user accounts that are knownviolators (i.e., are known to have misused digital content) can be usedto identify other user accounts that are likely to misuse digitalcontent. For example, clustering module 1202 can generate a set of knownviolator clusters based on a set of data points that represent useraccounts that are known violators. Analysis module 1204 can then analyzethe set of known violator clusters to identify data points that arelocated within a predetermined distance from the center of a closestknown violator cluster. This can indicate that the digital content usageof the user account represented by the data point is similar to thedigital content usage of known violator accounts, indicating that theuser account may also be a violator.

A user account can be determined to be a violator in numerous ways,including any of the methods listed above. As another example, a useraccount can be determined to be a violator as a result of a userassociated with the user account being physically caught misusingdigital content. As another example, a user account can be determined tobe a violator as a result of an unauthorized copy of digital contentbeing traced back to the user account. For example, the unauthorizedcopy of digital content can include an embedded watermark thatidentities the user account and/or a client-side digital data deliverydevice associated with the user account.

FIG. 13 shows an example method 1300 for clustering usage signal data todetermine whether digital content is being misused. It should beunderstood that there can be additional, fewer, or alternative stepsperformed in similar or alternative orders, or in parallel, within thescope of the various embodiments, unless otherwise stated.

At step 1302, a digital content delivery system (e.g., system 104)clusters a set of data points into a set of digital content usageclusters. Each data point from the set of data points can represent aunique user account from a set of user accounts maintained by thedigital content delivery system. Each data point from the set of datapoints can have been determined based on usage signal data describingdigital content usage associated with the unique user accountrepresented by the data point. Usage signal data can include one or moreof a number of times digital content was accessed, a frequency at whichdigital content was accessed, digital content items that were accessed,a geographic location of a client-side computing device associated withthe unique user account, a number of known family members residing in adwelling associated with the unique user account, and a number of mobilecomputing devices detected during a performance of digital content.

The digital content delivery system can generate the set of digitalcontent usage clusters using at least one clustering algorithm. Forexample, the digital content delivery system can use at least onek-means clustering algorithm.

At step 1304, the digital content delivery system determines, based onthe set of digital content usage clusters, that a first data point fromthe set of data points is an outlier. The digital content deliverysystem can determine that the first data point from the set of datapoints is an outlier by determining that a distance between the firstdata point and a center of a closest digital content usage clusterexceeds a predetermined threshold distance.

Alternatively, in some embodiments, the digital content delivery systemcan determine that the first data point from the set of data points isan outlier by initially determining, from the set of digital contentusage clusters, a subset of digital content usage clusters that meet aquality threshold level. The digital content delivery system can thendetermine that a distance between the first data point and a center of aclosest digital content usage cluster from the subset of digital contentusage clusters exceeds a predetermined threshold distance.

The digital content delivery system can determine the subset of digitalcontent usage clusters that meet the quality threshold level in numerousways. For example, in some embodiments, the digital content deliverysystem can determine a density of data points in a first digital contentusage cluster, and then compare the density of data points in the firstdigital content usage cluster to a threshold density level.

At step 1306, the digital content delivery system executes a remedialaction with respect to a user account represented by the first datapoint.

FIG. 14 shows an example method 1400 for clustering usage signal data todetermine whether digital content is being misused. It should beunderstood that there can be additional, fewer, or alternative stepsperformed in similar or alternative orders, or in parallel, within thescope of the various embodiments unless otherwise stated.

At step 1402, a digital content delivery system clusters a set of datapoints into a set of known violator clusters. Each data point from theset of data points can represent a unique violating user account from aset of violating user accounts that are known digital content violators.Further, each data point from the first set of data points can have beendetermined based on usage signal data describing digital content usageby the unique violating user account represented by the data point. Theusage signal data can include one or more of a number of times digitalcontent was accessed, a frequency at which digital content was accessed,digital content items that were accessed, a geographic location of aclient-side computing device associated with the unique user account, anumber of known family members residing in a dwelling associated withthe unique user account, and a number of mobile computing devicesdetected during performance of digital content.

The digital content delivery system can generate the set of knownviolator clusters using at least one clustering algorithm. For example,the digital content delivery system can use at least one k-meansclustering algorithm.

At step 1404, the digital content delivery system determines, based onthe set of known violator clusters, that a first user account ispotentially a digital content violator. The first user account can berepresented by a first data point that is not included in the first setof data points. Further, the first data point can have been determinedbased on usage signal data describing digital content usage associationwith the first user account.

In some embodiments, the digital content delivery system can determinethat the first user account is potentially a digital content violator bydetermining that a distance between the first data point and a center ofa closest known violator cluster is less than a threshold distance.Alternatively, in some embodiments, the digital content delivery systemcan determine that the first user account is potentially a digitalcontent violator by initially determining, from the set of knownviolator clusters, a subset of known violator clusters that meet aquality threshold level. The digital content delivery system can thendetermine that a distance between the first data point and a center of aclosest known violator cluster from the subset of known violatorclusters is less than a predetermined threshold distance.

At step 1406, the digital content delivery system executes a remedialaction with respect to the first user account represented by the firstdata point.

FIG. 15 shows an example system 1500 configured to issue digitalcredentials (e.g., digital tickets). To avoid obscuring the inventivesubject matter with unnecessary detail, various functional components(e.g., modules) that are not germane to conveying an understanding ofthe inventive subject matter have been omitted from FIG. 15. However, askilled artisan will readily recognize that various additionalfunctional components may be supported to facilitate additionalfunctionality that is not specifically described herein. Furthermore,the various functional modules depicted in FIG. 15 may reside on asingle computing device or may be distributed across several computingdevices in various arrangements such as those used in cloud-basedarchitectures.

In some embodiments, digital content delivery system 104 can issuedigital credentials that are redeemable by a user. For example, adigital credential can be redeemed to provide a user with access to anexhibitor location, such as a movie theatre, to view a scheduledpresentation of a digital content item (e.g., a movie). Digital contentdelivery system 104 can utilize one or more security measures to preventmisuse of digital credentials, such as digital credentials being issuedto an incorrect user and/or the digital credential being utilized inviolation of a licensing agreement (e.g., the digital credential beingredeemed by an incorrect user and/or the digital credential beingresold).

To prevent misuse of a digital credential, digital content deliverysystem 104 can provide the user with the digital credential afterdetermining a current location of a user is within a predeterminedgeographic distance of a selected exhibitor location and/or a remainingamount of time until the selected scheduled presentation begins is lessthan the threshold amount of time. Hence, a user can be required to bephysically nearby the exhibitor location (e.g., within 100 feet of themovie theater) and/or wait until shortly before the scheduledpresentation (e.g., 15 minutes before the scheduled start time of themovie) to access their digital credential.

In some embodiments, a digital content license acquired by a user canallow the user to access the digital content item using client-sidedigital content delivery device 106 and/or attend a scheduledpresentation of the digital content item at an exhibitor location. As anexample, a user that purchases a movie rental that can be streamed tothe user's client-side digital content delivery device 106 can also beallotted two tickets (i.e., digital credentials) to view the movie at amovie theatre until the movie is no longer available. A user cantherefore choose to view the movie rental at home and/or view the movieat a movie theater.

In addition to issuing a user with a digital credential to a scheduledpresentation of a digital content item, in some embodiments, digitalcontent delivery system 104 can enable the user to reserve, schedule,and/or purchase one or more amenities associated with the scheduledpresentation. For example, digital content delivery system 104 canenable the user to reserve specific seats for the scheduled presentationof the digital content item, pre-order food and/or beverages, scheduletransportation to and/or from the exhibitor location, etc.

In FIG, 15, digital content delivery system 104, mobile computing device802, and exhibitor management system 1502 can communicate with eachother via communication network 102 to reserve and issue digitalcredentials that can be redeemed by a user to access a scheduledpresentation of a digital content item at an exhibitor location.

Exhibitor management system 1502 can be a computing system comprisingone or more computing devices associated with an exhibitor. An exhibitorcan be an organization, business, etc., that provides scheduledpresentations of digital content at one or more exhibitor locations. Forexample, an exhibitor can be a movie theatre chain that providesscheduled showings of movies at one or more movie theaters.

Exhibitor management system 1502 can include exhibitor database 1504that maintains exhibitor data describing scheduled presentations ofdigital content items provided by the exhibitor. Exhibitor data caninclude data identifying the exhibitor locations associated with theexhibitor (e.g., movie theatres), the digital content items scheduledfor presentation at each exhibitor location (e.g., movies) and/orscheduled presentations at each exhibitor location (e.g., scheduled showtimes). Exhibitor data can also include data identifying digitalcredential availability for each scheduled presentation (e.g., number ofunsold digital credentials available for purchase), seating charts foreach exhibitor location, seating availability (e.g., unreserved seats),amenities provided by each exhibitor location, the address of eachexhibitor location, etc. Exhibitor data can also include contentassociated with the exhibitor, exhibitor locations, and/or digitalcontent items. For example, exhibitor data can include content such aswritten movie description, movie trailers, movie reviews, movie theatrereviews, etc.

Exhibitor management system 1502 can include exhibitor management module1506 configured to reserve digital credentials and amenities forscheduled presentations of digital content items. Exhibitor managementmodule 1506 can communicate with exhibitor database 1504 to gatherrequested exhibitor data, provide requested exhibitor data to requestingcomputing devices and/or update exhibitor data to reflect a reservationof a digital credential and/or amenity. For example, exhibitormanagement module 1506 can process read requests for exhibitor data suchas show times for a specified movie, theatres within a predeterminedgeographic area that are presenting a specified movie, digitalcredential and/or seating availability for one or more scheduledpresentations, available amenities at an exhibitor location, movietrailers, movie reviews, etc. In response to receiving a read requestfor exhibitor data, exhibitor management module 1506 can gather therequested exhibitor data from exhibitor database 1504 and return therequested exhibitor data in response to the read request.

Exhibitor management module 1506 can also process reservation requests.A reservation request can be a request to reserve digital credentialsand/or amenities for a scheduled presentation of a digital content item.In response to receiving a reservation request, exhibitor managementmodule 1506 can initially confirm whether the reservation request can befulfilled. For example, exhibitor management module 1506 can determinewhether there are a sufficient number of available digital credentialsto fulfill the reservation request. As another example, exhibitormanagement module 1506 can determine whether selected seats areavailable to be reserved. If exhibitor management module 1506 determinesthat the reservation request can be fulfilled, exhibitor managementmodule 1506 can update exhibitor database 1504 to fulfill the request.For example, exhibitor management module 1506 can update exhibitordatabase 1504 to indicate that requested digital credentials have beenreserved, update the number of reserved digital credentials for thescheduled presentation, update a seating chart to reflect that specificseats have been reserved, etc.

Exhibitor management module 1506 can also generate and providereservation data reflecting that a requested reservation has beencompleted. Reservation data can include data indicating that thereservation request has been completed as well as data that can be usedto redeem or confirm the reservation at an exhibitor location. Forexample, reservation data can include a unique code associated withreserved digital credentials, reserved seats, reserved amenities, etc.,that can be used by an exhibitor to confirm the reservation. Reservationdata can also include data describing the reservation, such as reservedseats, selected exhibitor location, selected scheduled presentation,reserved amenities (e.g., purchased food items), purchasing user, etc.In some embodiments, the reservation data can be provided to a user foruse at the exhibitor. The reservation data can also be provided directlyto the exhibitor location.

In system 1500, a user can utilize mobile computing device 802 toreserve a digital credential for a scheduled presentation of a digitalcontent item, as well as reserve amenities. As shown, mobile computingdevice 802 can include digital credential application 1508. Digitalcredential application 1508 can enable a user to communicate withdigital content delivery system 104 to request exhibitor data as well asto reserve digital credentials and/or amenities. Digital credentialapplication 1508 can include user interface module 1510 configured topresent a user with an exhibitor interface including user interfaceelements (e.g., buttons, text fields, etc.) that a user can use torequest and select data. For example, the exhibitor interface canprovide a user with a listing of scheduled presentations for a digitalcontent item and allow the user to reserve digital credentials to one ormore of the listed scheduled presentations. As another example, theexhibitor interface can provide a user with a listing of unreservedseats for a scheduled presentation and allow the user to reserve one ormore of the unreserved seats. As another example, the exhibitorinterface can enable the user to enter and/or select one or moreexhibitor data parameters (e.g., desired movie, desired theatre, desiredday/time) and then provide the user with exhibitor data based on theexhibitor data parameters entered and/or selected by the user.

Digital credential application 1508 can communicate with digital contentdelivery system 104 to perform one or more actions requested by theuser, such as requests to read exhibitor data, requests to reservedigital credentials and/or amenities, etc. For example, digitalcredential application 1508 can transmit requests to digital contentdelivery system 104 to perform specified actions, such as requests toread exhibitor data, requests to reserve digital credentials and/oramenities, etc. Digital credential application 1508 can include data inthe requests that can be used by digital content delivery system 104 tocomplete the request. For example, the request can include one or moreexhibitor data parameters selected by the user.

Digital content delivery system 104 can include digital credentialmanagement module 1512 configured to receive and respond to requestsfrom mobile computing device 802. For example, digital content deliverysystem 104 can receive a request from mobile computing device 802 forspecified exhibitor data and, in response, transmit a read request toexhibitor management system 1502 for the specified exhibitor data.Digital content delivery system 104 can provide the returned exhibitordata to mobile computing device 802, where it can be presented to a userin a exhibitor interface.

As another example, digital credential management module 1512 canreceive a request from mobile computing device 802 to reserve a digitalcredential to a scheduled presentation and/or reserve one or moreamenities. In response, digital credential management module 1512 cantransmit a reservation request to exhibitor management system 1502 toreserve the digital credential and/or amenities.

Digital credential management module 1512 can receive reservation datafrom exhibitor management system 1502 confirming that the requestedreservation has been completed. In response, digital credentialmanagement module 1512 can update the requesting user's account in useraccount database 110 to reflect that the user's requested reservationhas been completed and that the requested digital credential and/oramenities are assigned to the requesting user's account. For example,digital credential management module 1512 can update the requestinguser's account with metadata describing the digital credentials assignedto the user's accounts, such as metadata describing a selected exhibitorlocation, selected scheduled presentation, selected seats, purchasedamenities, etc. Digital credential management module 1512 can also storeany unique codes received from exhibitor management system 1502 that canbe used by a user to redeem the digital credentials assigned to theuser's account and/or any reserved amenities.

In some embodiments, digital credential management module 1512 canprovide a user with exhibitor data and/or reserve a digital credentialfor the user based on a digital content license assigned to the user'saccount. For example, a digital content license can allow the user toaccess the digital content item using client-side digital contentdelivery device 106 and/or attend a scheduled presentation of thedigital content item at an exhibitor location. In this type of scenario,a user that purchases a movie rental that can be streamed to the user'sclient-side digital content delivery device 106 can also be allotted twodigital credentials to view the movie at a movie theatre. A user cantherefore choose to view the movie rental at home and/or view the movieat a movie theater.

A digital content license purchased by a user may be associated with aparticular exhibitor. For example, the exhibitor can be an exhibitorthat operates within a geographic region where the user resides. Asanother example, the exhibitor can be an exhibitor selected by the useras the user's preferred exhibitor. In some instances, the exhibitor mayreceive a portion of the revenue associated with the user's purchase ofthe digital content license to access the digital content item.

In this type of scenario, digital credential management module 1512 canpresent the user with exhibitor data and/or reserve a digital credentialbased on the digital content license purchased by the user and assignedto the user's account. This can include enabling the user to reserve adigital credential for a scheduled presentation of the digital contentitem associated with the digital content license and/or a scheduledpresentation offered at an exhibitor location associated with thedigital content license. For example, digital credential managementmodule 1512 can access the user's account in user account database 110to identify a digital content license assigned to the user's account.Based on the digital content license, digital credential managementmodule 1512 can determine a digital content item that the user haspurchased a license to access, and an exhibitor associated with thedigital content item. Digital credential management module 1512 can usethe determined digital content item and exhibitor to transmit a readrequest to exhibitor management system 1502 for exhibitor datadescribing scheduled performances of the digital content item atexhibitor locations associated with the exhibitor. The returnedexhibitor data can identify exhibitor locations and scheduledperformances that the user is licensed to attend according to thedigital content item assigned to the user's account. For example, theuser can select to reserve digital credentials to any one of thescheduled performances.

In some situations, an exhibitor may manage a large number of exhibitorlocations, and thus providing the user with exhibitor data for allexhibitor locations may be excessive and/or unnecessary. In this type ofsituation, digital credential management module 1512 can provide theuser with a subset of exhibitor data based on the location of the userin relation to exhibitor locations managed by the exhibitor. Forexample, digital credential management module 1512 can select a subsetof exhibitor locations that are within a predetermined geographicdistance of a known dwelling of the user or, alternatively, a determinedcurrent location of the user. Digital credential management module 1512can then provide the user with exhibitor data for the subset ofexhibitor locations.

Once a digital credential has been reserved and assigned to a user'saccount, the user can use mobile computing device 802 to retrieve thedigital credential. For example, the user can use the exhibitorinterface to request that digital credentials assigned to the user'saccount be transmitted to mobile computing device 802. Digitalcredential application 1508 can include digital credential presentationmodule 1514 configured to receive a digital credential from digitalcontent delivery system 104 and render a visual representation of thedigital credential. Once rendered, the digital credential can beredeemed by a user to grant the user access to a selected scheduledpresentation of the digital content item.

Digital content delivery system 104 can utilize one or more securitymeasures to prevent misuse of digital credentials, such as digitalcredentials being issued to an incorrect user and/or the digitalcredential being utilized in violation of the terms of a digital license(e.g., the digital credential being redeemed by an incorrect user and/orthe digital credential being resold).

Digital content misuse management application 116 can include digitalcredential issuing module 1516 configured to prevent misuse of digitalcredentials. Digital credential issuing module 1516 can restrict auser's access to digital credentials assigned to the user's accountuntil one or more conditions are satisfied. One such condition can bebased on the location of the user in relation to an exhibitor location.For example, digital credential issuing module 1516 can require that theuser be located within a predetermined geographic distance of theexhibitor location at which the digital credential can be redeemed.Hence a user cannot access the digital credential until the user isnearby the exhibitor location.

In response to receiving a request from mobile computing device 802 fora digital credential o be transmitted to mobile computing device 802,digital credential issuing module 1516 can determine whether a currentlocation of mobile computing device 802 is within a predeterminedgeographic distance of the exhibitor location where the digitalcredential can be redeemed. Digital credential issuing module 1516 canaccess the user's account to gather metadata describing the geographiclocation of the exhibitor location. Digital credential issuing module1516 can receive the current location of mobile computing device 802from mobile computing device 802 (e.g., as part of the request receivedfrom mobile computing device 802 or in response to a separate request).Digital credential issuing module 1516 can use the current location ofmobile computing device 802 and the geographic location of the exhibitorlocation to determine whether the current location of mobile computingdevice 802 is within the predetermined geographic distance of theexhibitor location,

Another condition can be based on the current time in relation to astart time of the scheduled presentation. For example, digitalcredential issuing module 1516 can require that a remaining amount oftime until a start time of the scheduled presentation be less than athreshold amount of time. Hence a user cannot access the digitalcredential until a short time before the start of the scheduledpresentation. Digital credential issuing module 1516 can access theuser's account to gather metadata describing the scheduled start time ofthe scheduled presentation and determine whether a remaining amount oftime until the scheduled start time (e.g., a time duration between thecurrent time and the scheduled start time) is less than the thresholdamount of time.

Another condition can be based on the requesting mobile computingdevice. For example, digital credential issuing module 1516 can restrictaccess to the digital credential to one or more mobile computing devicesauthorized with the user's account. In some embodiments, deviceidentifiers for the authorized mobile computing device(s) can be storedin the user's account. Digital credential issuing module 1516 canrequest a device identifier from a mobile computing device 802requesting digital credentials and then access the user's account todetermine whether the device identifier received from mobile computingdevice 802 is included in the list of authorized device identifiers,

Digital credential issuing module 1516 can deny a request to issue adigital credential if one or more of the described conditions are notsatisfied. For example, in some embodiments, digital credential issuingmodule 1516 can require that all conditions be satisfied for the requestto be approved (e.g., the user be located nearby the theatre, the movieto start shortly and the requesting mobile computing device beauthorized on the user's account). Alternatively, in some embodiments,digital credential issuing module 1516 can require that at least one ortwo of the conditions be satisfied for the request to be approved.

If digital credential issuing module 1516 determines that a sufficientnumber of conditions have been satisfied, digital credential issuingmodule 1516 can transmit the digital credential to mobile computingdevice 802. This can include gathering and providing reservation dataassociated with the digital credential to mobile computing device 802.For example, digital credential issuing module 1516 can access theuser's account to access the reservation data associated with thedigital credential.

Once the reservation data is received by mobile computing device 802,digital credential presentation module 1514 can use the reservation datato render a graphical representation of the digital credential, such asscannable code (e.g., Quick Response (QR) code, bar code, etc.). Thescannable code can be embedded with reservation data that can be used toconfirm the user's reservation. For example, the scannable code can beembedded with the unique code associated with the reservation of thedigital credentials, the number of digital credentials purchased,reserved seats, purchaser name, etc. The scannable code can be scannedat an exhibitor location using a scanning device capable of reading thescannable code to retrieve the reservation data embedded in thescannable code.

In addition to restricting access to digital credentials until one ormore conditions are satisfied, digital credential issuing module 1516can further implement one or more security features into the visualrendering of the digital credential to prevent misuse. For example,digital credential issuing module 1516 can include image data in thedigital credential that, when rendered by mobile computing device 802,causes an image of the user associated with the user account to bepresented along with the digital credential. An employee at an exhibitorlocation can therefore visually verify that the user attempting toredeem the digital credential is the user associated with the useraccount.

As another example, digital credential issuing module 1516 can includevideo data in the digital credential that, when rendered by mobilecomputing device 802, causes a video and/or animation to be presentedalong with the digital credential. This can prevent users from creatingcounterfeit copies of the digital credential by taking a picture and/orscreen grab of the rendered digital credential.

While digital credential issuing module 1516 is described asimplementing one or more security measures to prevent misuse of digitalcredentials, this is only one example and is not meant to be limiting.In some embodiments, mobile computing device 802 can also be configuredto implement security measures. For example, mobile computing device 802can implement security measures instead of or in addition to digitalcredential issuing module 1516. For example, digital credentialpresentation module 1514 can determine whether one or more conditionsare met prior to granting a user access to a digital credential (e.g.,rendering a visual representation of the digital credential that can beredeemed by the user). Digital credential presentation module 1514 canalso implement one or more security features into the digital credentialto prevent misuse. For example, digital credential presentation module1514 can render an image of the user along with the digital credentialto allow an employee of an exhibitor location to visually verify thatthe user attempting to redeem the digital credential is the userassociated with the user account. As another example, digital credentialpresentation module 1514 can render a video and/or animation along withthe digital credential to prevent counterfeits of the digital credentialto be captured by taking a picture or capturing a screen grab of therendered digital credential (i.e., the picture or screengrab wouldinclude a still image rather than the video and/or animation).

Digital credential application 1508 can also include transportationmodule 1518, which can coordinate transportation for a user to and/orfrom a digital venue. For example, transportation module 1518 cancommunicate with remote servers of one or more taxi and/or drive shareservices to schedule transportation for a user to and from a digitalvenue. Transportation module 1518 can schedule transportation for a userbased on digital credentials reserved by the user. For example,transportation module 1518 can determine a scheduled start and/or endtime of a scheduled presentation. Transportation module 1518 canschedule arrival of a car or taxi based on the scheduled start and/orend time of the scheduled presentation.

FIG. 16 shows an example method 1600 for issuing digital credentials. Itshould be understood that there can be additional, fewer, or alternativesteps performed in similar or alternative orders, or in parallel, withinthe scope of the various embodiments unless otherwise stated.

At step 1602, a digital content delivery system (e.g., the system 104)assigns a digital credential to a user account maintained by the digitalcontent delivery system. For example, the digital content deliverysystem can update a user account with reservation data associated withthe digital credential. The digital credential can be redeemable at aselected exhibitor location to view a selected scheduled presentation ofa digital content item. For example, the digital credential can beredeemed at a selected theatre to view a scheduled movie.

A license to access the digital content item may have been previouslyassigned to the user account. For example, the user may have previouslypurchased a license to rent the digital content item and view thedigital content item using a client-side digital content deliverydevice. The purchased license can also provide the user with the rightto view a scheduled presentation of the digital content item at anexhibitor location. For example, the purchased license can allow a userto attend a screening of the movie at a selected movie theatre.

At step 1604, the digital content delivery system receives, from amobile computing device associated with the user account, a firstrequest for the digital credential to be transmitted to the mobilecomputing device.

At step 1606, the digital content delivery system determines whether acurrent location of the mobile computing device is within apredetermined geographic distance of the selected exhibitor location. Insome embodiments, the first request received from the mobile computingdevice can include location data describing the current location of themobile computing device. The digital content delivery system can use thereceived location information to determine whether the current locationof the mobile computing device is within a predetermined geographicdistance of the selected exhibitor location.

At step 1608, the digital content delivery system determines whether aremaining amount of time until a scheduled start time of the selectedscheduled presentation is less than a threshold amount of time. Forexample, the digital content delivery system can determine a currenttime and the scheduled start time of the selected scheduledpresentation. The digital content delivery system can determine whetheran amount of time between the current time and the scheduled start timeis less than a threshold amount of time.

At step 1610, the digital content delivery system denies the firstrequest in response to determining that either the current location ofthe mobile computing device is outside of the predetermined geographicdistance of the selected exhibitor location or the remaining amount oftime until the scheduled start time of the selected scheduledpresentation is greater than the threshold amount of time. As a resultof the first request being denied, the mobile computing device will notreceive the digital credential in response to the first request.

At step 1612, the digital content delivery system receives, from themobile computing device, a second request for the digital credentialassigned to be transmitted to the mobile computing device. The secondrequest can be received after the first request was denied. The secondrequest can also include location data indicating the current locationof the mobile computing device.

At step 1614, the digital content delivery system determines that thecurrent location of the mobile computing device is within thepredetermined geographic distance of the selected exhibitor location andthat the remaining amount of time until the scheduled start time of theselected scheduled presentation is less than the threshold amount oftime.

At step 1616, the digital content delivery system transmits the digitalcredential to the mobile computing device. After receiving the digitalcredential, the mobile computing device can render a visualrepresentation of the digital credential on a display of the mobilecomputing device, which can be redeemed to provide a user access to theselected scheduled presentation.

FIG. 17 shows an example method 1700 for reserving digital credentialsto a scheduled presentation of a digital content item. It should beunderstood that there can be additional, fewer, or alternative stepsperformed in similar or alternative orders, or in parallel, within thescope of the various embodiments unless otherwise stated.

At step 1702, a digital content delivery system (e.g., the system 104)generates a user profile for a user account. The generated user profilecan be stored in a user account database maintained by the digitalcontent delivery system.

At step 1704, the digital content delivery system updates the userprofile to indicate that a license to access a digital content item hasbeen assigned to the user account. For example, the license can be alicense to access and present a movie through a client-side digitalcontent delivery device (e.g., the device 106) associated with the useraccount. The license can further enable a user to attend a scheduledperformance of the digital content item.

At block 1706, the digital content delivery system determines one ormore exhibitor locations where the user can attend a scheduledperformance of the digital content item. The digital content deliverysystem can determine an exhibitor associated with the license assignedto the user account. For example, the exhibitor can be associated withthe purchase of the license and, in some embodiments, received a portionof revenue from the purchase for the license to access the digitalcontent item. Once the digital content delivery system determines theexhibitor associated with the license, the digital content deliverysystem can determine exhibitor locations associated with the exhibitor.This can include identifying all exhibitor locations associated with theexhibitor or a subset of the exhibitor locations. For example, thedigital content delivery system can determine exhibitor locations thatare located within a predetermined geographic distance of a dwellingassociated with the user account.

At block 1708, the digital content delivery system determines one ormore scheduled presentations of the digital content item offered by theone or more exhibitor locations. For example, the digital contentdelivery system can determine show times at which the digital content(e.g., movie) is playing at various movie theatres.

At block 1710, the digital content delivery system transmits dataidentifying the one or more exhibitor locations and the one or morescheduled presentations of the digital content item to a mobilecomputing device associated with the user account. The mobile computingdevice can render a visual representation of the data and enable a userto browse through the available scheduled presentations as well asselect to reserve digital credentials to a scheduled presentation.

At block 1712, the digital content delivery system receives, from themobile computing device, a user selection indicating that a userassociated with the user account would like to reserve digitalcredentials to a selected scheduled presentation of the digital contentitem offered by a selected exhibitor location.

At block 1714, the digital content delivery system reserves the digitalcredentials to the selected scheduled presentation of the digitalcontent item. For example, the digital content delivery system cantransmit a reservation request to an exhibitor management system toreserve the digital credentials. The digital content delivery system canadditionally update the user's account to assign the reserved digitalcredentials to the users account. This can include updating the user'saccount with any reservation data received from the exhibitor managementsystem.

FIGS. 18A-18L show example screenshots of an exhibitor interface. Asshown in FIG. 18A, the exhibitor interface can enable a user to reserveone or more amenities. For example, the user can use the exhibitorinterface to select from and purchase food and/or beverages, as well asselect a pickup location for the purchased food and/or beverages. Theexhibitor interface can also user can also allow a user to scheduletransportation to and/or from a scheduled presentation of a digitalcontent item.

As shown in FIG. 18B, the exhibitor interface can allow a user to viewand/or adjust configurations or settings. For example, the exhibitorinterface can allow the user to view and/or adjust account settings,audio and video settings, software version and language settings. Theexhibitor interface can also allow the user to reset the settings totheir default settings.

As shown in FIG. 18C, the exhibitor interface can present a user withvideo. For example, the exhibitor interface can allow the user to viewmovie trailers, reviews, etc. The exhibitor interface can also allow theuser to control presentation of the video, such as fast forward, rewind,pause, play, etc.

As shown in FIG. 18D, the exhibitor interface can enable the user toperform one or more functions. For example, the exhibitor interface canenable the user to review a digital content item, share the review viaone or more social networking services, redeem digital credentialsand/or browse movies.

As shown in FIG. 18E, the exhibitor interface can provide the user withdata identifying scheduled presentations of digital content items. Forexample, the exhibitor interface can provide the user with movie titledescriptions, available locations and/or times. The exhibitor interfacecan also enable a user to select to reserve digital credentials to aselected movie.

As shown in FIG. 18F, the exhibitor interface can present the user withmultiple data tiles that include data and that can be selectable by auser. For example, each data tile can include data associated with amovie, such as images associated with the movie, description text, etc.Further, each data tile can be selectable to enable the user to accessadditional data.

As shown in FIG. 18G, the exhibitor interface can provide the user withdata identifying scheduled presentations of digital content items. Forexample, the exhibitor interface can provide the user with movie titledescriptions, available locations and/or times. The exhibitor interfacecan also enable a user to select to reserve digital credentials to aselected movie.

As shown in FIG. 18H, the exhibitor interface can present a visualrendering of a digital credential, such as a QR code. The visualrendering of the digital credential can allow a user to redeem thedigital credential at an exhibitor location.

As shown in FIG. 18I, the exhibitor interface can provide a user with adetailed written description of a movie. This can include a plotsynopsis as well as a listing of key actors/actresses in the movie andthe director.

As shown in FIG. 18J the exhibitor interface can enable a user topurchase digital credentials and/or a digital content license. As show,the exhibitor interface can enable the user to enter payment methoddata, such as credit card information. The exhibitor interface can alsoprovide the user with the total cost for the requested purchase.

As shown in FIG. 18K, the exhibitor interface can present the user withdata tiles representing scheduled presentations of a digital contentitem. Each data tile can include data describing its respectivescheduled presentation, such as the scheduled start time of thescheduled presentation. Further, the data tiles can be interactive suchthat a user can select a data tile to receive addition informationregarding the corresponding scheduled presentation and/or to reservedigital credentials for the scheduled presentation,

As shown in FIG. 18L, the exhibitor interface can present the user witha seating map identifying the seats at an exhibitor location. Theseating map can indicate which seats are reserved and which seats remainavailable. The seating map can be interactive to allow a user to reserveseats.

Software Architecture

FIG. 19 is a block diagram illustrating an example software architecture1906, which may be used in conjunction with various hardwarearchitectures herein described. FIG. 19 is a non-limiting example of asoftware architecture and it will be appreciated that many otherarchitectures may be implemented to facilitate the functionalitydescribed herein. Software architecture 1906 may execute on hardwaresuch as machine 2000 of FIG. 20 that includes, among other things,processors 2004, memory 2014, and input/output (I/O) components 2018. Arepresentative hardware layer 1952 is illustrated and can represent, forexample, machine 2000 of FIG. 20. Representative hardware layer 1952includes processing unit 1954 having associated executable instructions1904. Executable instructions 1904 represent the executable instructionsof software architecture 1906, including implementation of the methods,modules and so forth described herein. Hardware layer 1952 also includesmemory and/or storage modules memory/storage 1956, which also haveexecutable instructions 1904. Hardware layer 1952 may also compriseother hardware 1958.

In the example architecture of FIG. 19, software architecture 1906 maybe conceptualized as a stack of layers where each layer providesparticular functionality. For example, software architecture 1906 mayinclude layers such as operating system 1902, libraries 1920,applications 1916 and a presentation layer 1914. Operationally,applications 1916 and/or other components within the layers may invokeapplication programming interface (API) API calls 1908 through thesoftware stack and receive a response as in response to API calls 1908.The layers illustrated are representative in nature and not all softwarearchitectures have all layers. For example, some mobile or specialpurpose operating systems may not provide frameworks/middleware 1918,while others may provide such a layer. Other software architectures mayinclude additional or different layers.

Operating system 1902 may manage hardware resources and provide commonservices. Operating system 1902 may include, for example, kernel 1922,services 1924, and drivers 1926. Kernel 1922 may act as an abstractionlayer between the hardware and the other software layers. For example,kernel 1922 may be responsible for memory management, processormanagement (e.g., scheduling), component management, networking,security settings, and so on. Services 1924 may provide other commonservices for the other software layers. Drivers 1926 may be responsiblefor controlling or interfacing with the underlying hardware. Forinstance, drivers 1926 may include display drivers, camera drivers,Bluetooth® drivers, flash memory drivers, serial communication drivers(e.g., Universal Serial Bus (USB) drivers), Wi-Fi® drivers, audiodrivers, power management drivers, and so forth depending on thehardware configuration.

Libraries 1920 may provide a common infrastructure that may be used byapplications 1916 and/or other components and/or layers. Libraries 1920typically provide functionality that allows other software modules toperform tasks in an easier fashion than to interface directly with theunderlying operating system 1902 functionality (e.g., kernel 1922,services 1924 and/or drivers 1926). Libraries 1920 may include systemlibraries 1944 (e.g., C standard library) that may provide functionssuch as memory allocation functions, string manipulation functions,mathematic functions, and the like. In addition, libraries 1920 mayinclude API libraries API 1946 such as media libraries libraries tosupport presentation and manipulation of various media format such asMPREG4, H.264, MP3, AAC, AMR, JPG, PNG), graphics libraries (e.g., anOpenGL framework that may be used to render 2D and 3D in a graphic movieon a display), database libraries (e.g., SQLite that may provide variousrelational database functions), web libraries (e.g., WebKit that mayprovide web browsing functionality), and the like. Libraries 1920 mayalso include a wide variety of other libraries 1950 to provide manyother APIs to applications 1916 and other software components/modules.

The frameworks frameworks/middleware 1918 (also sometimes referred to asmiddleware) provide a higher-level common infrastructure that may beused by applications 1916 and/or other software components/modules. Forexample, frameworks/middleware 1918 may provide various graphic userinterface (GUI) functions, high-level resource management, high-levellocation services, and so forth. Frameworks/middleware 1918 may provideabroad spectrum of other APIs that may be utilized by applications 1916and/or other software components/modules, some of which may be specificto a particular operating system or platform.

Applications 1916 include built-in applications 1938 and/or third-partyapplications 1940. Examples of representative built-in applications 1938may include, but are not limited to, a contacts application, a browserapplication, a book reader application, a location application, a mediaapplication, a messaging application, and/or a game application.Third-party applications 1940 may include any application developedusing the Android™ or iOS™ software development kit (SDK) by an entityother than the vendor of the particular platform, and may be mobilesoftware running on a mobile operating system such as iOS™, Android™,Windows® Phone, or other mobile operating systems. Third-partyapplications 1940 may invoke the API calls 1908 provided by the mobileoperating system such as operating system 1902 to facilitatefunctionality described herein.

Applications 1916 may use built-in operating system functions (e.g.,kernel 1922, services 1924 and/or drivers 1926), libraries 1920,frameworks/middleware 1918 to create user interfaces to interact withusers of the system. Alternatively, or additionally, in some systemsinteractions with a user may occur through a presentation layer, such aspresentation layer 1914. In these systems, the application/module“logic” can be separated from the aspects of the application/module thatinteract with a user.

Some software architectures use virtual machines. In the example of FIG.19, this is illustrated by virtual machine 1910. Virtual machine 1910creates a software environment where applications/modules can execute asif they were executing on a hardware machine (such as the machine 2000of FIG. 20, for example). Virtual machine 1910 is hosted by a hostoperating system (operating system (OS) 1936 in FIG. 19) and typically,although not always, has a virtual machine monitor 1960, which managesthe operation of virtual machine 1910 as well as the interface with thehost operating system (i.e., operating system 1902).A softwarearchitecture executes within the virtual machine 1910 such as operatingsystem (OS) 1936, libraries 1934, frameworks 1932, applications 1930and/or presentation layer 1928. These layers of software architectureexecuting within the virtual machine 1910 can be the same ascorresponding layers previously described or may be different.

FIG. 20 is a block diagram illustrating components of machine 2000,according to some example embodiments, able to read instructions from amachine-readable medium (e.g., a machine-readable storage medium) andperform any one or more of the methodologies discussed herein.Specifically, FIG. 20 shows a diagrammatic representation of machine2000 in the example form of a computer system, within which instructions2010 (e.g., software, a program, an application, an applet, an app, orother executable code) for causing machine 2000 to perform any one ormore of the methodologies discussed herein may be executed. As such, theinstructions 2010 may be used to implement modules or componentsdescribed herein. The instructions 2010 transform the general,non-programmed machine into a particular machine programmed to carry outthe described and illustrated functions in the manner described. Inalternative embodiments, machine 2000 operates as a standalone device ormay be coupled (e.g., networked) to other machines. In a networkeddeployment, machine 2000 may operate in the capacity of a server machineor a client machine in a server-client network environment, or as a peermachine in a peer-to-peer (or distributed) network environment. Machine2000 may comprise, but not be limited to, a server computer, a clientcomputer, a personal computer (PC), a tablet computer, a laptopcomputer, a netbook, a set-top box (STB), a personal digital assistant(PDA), an entertainment media system, a cellular telephone, a smartphone, a mobile computing device, a wearable device (e.g., a smartwatch), a smart home device (e.g., a smart appliance), other smartdevices, a web appliance, a network router, a network switch, a networkbridge, or any machine capable of executing instructions 2010,sequentially or otherwise, that specify actions to be taken by machine2000. Further, while only a single machine 2000 is illustrated, the term“machine” shall also be taken to include a collection of machines thatindividually or jointly execute instructions 2010 to perform any one ormore of the methodologies discussed herein.

Machine 2000 may include processors 2004, memory memory/storage 2006,and input/output (I/O) components 2018, which may be configured tocommunicate with each other such as via bus 2002. Memory/storage 2006may include memory 2014, such as a main memory, or other memory storage,and storage unit 2016, both accessible to processors 2004 such as viabus 2002. Storage unit 2016 and memory 2014 store instructions 2010embodying any one or more of the methodologies or functions describedherein. Instructions 2010 may also reside, completely or partially,within memory 2014, within storage unit 2016, within at least one ofprocessors 2004 (e.g., within the processor's cache memory), or anysuitable combination thereof, during execution thereof by the machine2000. Accordingly, memory 2014, storage unit 2016, and memory ofprocessors 2004 are examples of machine-readable media.

The input/output (I/O) components 2018 may include a wide variety ofcomponents to receive input, provide output, produce output, transmitinformation, exchange information, capture measurements, and so on. Thespecific input/output (I/O) components 2018 that are included in aparticular machine will depend on the type of machine. For example,portable machines such as mobile phones will likely include a touchinput device or other such input mechanisms, while a headless servermachine will likely not include such a touch input device. It will beappreciated that input/output (I/O) components 2018 may include manyother components that are not shown in FIG. 20. Input/output (I/O)components 2018 are grouped according to functionality merely forsimplifying the following discussion and the grouping is in no waylimiting. In various example embodiments, input/output (I/O) components2018 may include output components 2026 and input components 2028.Output components 2026 may include visual components (e.g., a displaysuch as a plasma display panel (PDP), a light emitting diode (LED)display, a liquid crystal display (LCD), a projector, or a cathode raytube (CRT)), acoustic components (e.g., speakers), haptic components(e.g., a vibratory motor, resistance mechanisms), other signalgenerators, and so forth. Input components 2028 may include alphanumericinput components (e.g., a keyboard, a touch screen configured to receivealphanumeric input, a photo-optical keyboard, or other alphanumericinput components), point based input components e.g., a mouse, atouchpad., a trackball, a joystick, a motion sensor, or other pointinginstrument), tactile input components (e.g., a physical button, a touchscreen that provides location and/or force of touches or touch gestures,or other tactile input components), audio input components (e.g., amicrophone), and the like.

In further example embodiments, input/output (I/O) components 2018 mayinclude biometric components 2030, motion components 2034, environmentalcomponents 2036, or position components 2038 among a wide array of othercomponents. For example, biometric components 2030 may includecomponents to detect expressions (e.g., hand expressions, facialexpressions, vocal expressions, body gestures, or eye tracking), measurebiosignals (e.g., blood pressure, heart rate, body temperature,perspiration, or brain waves), identify a person (e.g., voiceidentification, retinal identification, facial identification,fingerprint identification, or electroencephalogram basedidentification), and the like. Motion components 2034 may includeacceleration sensor components (e.g., accelerometer), gravitation sensorcomponents, rotation sensor components e.g., gyroscope), and so forth.Environmental components 2036 may include, for example, illuminationsensor components (e.g., photometer), temperature sensor components(e.g., one or more thermometer that detect ambient temperature),humidity sensor components, pressure sensor components (e.g.,barometer), acoustic sensor components (e.g., one or more microphonesthat detect background noise), proximity sensor components (e.g.,infrared sensors that detect nearby objects), gas sensors (e.g., gasdetection sensors to detection concentrations of hazardous gases forsafety or to measure pollutants in the atmosphere), or other componentsthat may provide indications, measurements, or signals corresponding toa surrounding physical environment. Position components 2038 may includelocation sensor components (e.g., a Global Position System (GPS)receiver component), altitude sensor components (e.g., altimeters orbarometers that detect air pressure from which altitude may be derived),orientation sensor components (e.g., magnetometers), and the like.

Communication may be implemented using a wide variety of technologies.Input/output (I/O) components 2018 may include communication components2040 operable to couple the machine 2000 to network 2032 or devices 2020via coupling 2022 and coupling 2024, respectively. For example,communication components 2040 may include a network interface componentor other suitable device to interface with network 2032. In furtherexamples, communication components 2040 may include wired communicationcomponents, wireless communication components, cellular communicationcomponents, Near Field Communication (NFC) components, Bluetooth®components (e.g., Bluetooth® Low Energy), components, and othercommunication components to provide communication via other modalities.Devices 2020 may be another machine or any of a wide variety ofperipheral devices (e.g., a peripheral device coupled via a UniversalSerial Bus (USB)).

Moreover, communication components 2040 may detect identifiers orinclude components operable to detect identifiers. For example, thecommunication components 2040 may include Radio Frequency Identification(RFID) tag reader components, NFC smart tag detection components,optical reader components e.g., an optical sensor to detectone-dimensional bar codes such as Universal Product Code (UPC) bar code,multi-dimensional bar codes such as Quick Response (QR) code, Azteccode, Data Matrix, Dataglyph, MaxiCode, PDF417, Ultra Code, MC RSS-2Dbar code, and other optical codes), or acoustic detection components(e.g., microphones to identify tagged audio signals). In addition, avariety of information may be derived via the communication components2040, such as location via Internet Protocol (IP) geo-location, locationvia Wi-Fi® signal triangulation, location via detecting a NFC beaconsignal that may indicate a particular location, and so forth.

In some embodiments, a method to control access to a movie within amovie distribution ecosystem may include storing subscriber informationfor a subscriber within a subscriber database of a content distributionsystem; in the subscriber database, associating the subscriber with acontent accessing system; receiving, via a communications network and atthe content distribution system, a purchase request from the subscriberto purchase a credential to view the movie; and/or responsive to receiptof the purchase request, issuing the credential to view the movie at oneof a movie theater or using the content accessing system issued to thesubscriber.

In some embodiments, the issuing of the credential may include updatingthe subscriber information stored within the subscriber database.

In some embodiments, receiving of the purchase request from thesubscriber may include presenting the subscriber with a group of movietheaters within a predetermined geographical proximity to thesubscriber, and receiving selection of the movie theater from thesubscriber from among the group of movie theaters.

In some embodiments, receiving the purchase request from the subscribermay include presenting the subscriber with a list of movies that areviewable at a group of movie theaters within a predeterminedgeographical proximity of the subscriber, and receiving a purchaseselection of the movie from the list of movies from the subscriber.

In some embodiments, the issuing may include issuing at least twocredentials to view the movie to the subscriber, responsive to receiptof the purchase request.

In some embodiments, the credential is redeemable at either the movietheater or via the content accessing system in order to view the movie.

In some embodiments, the issuing the credential may include attributingat least a portion of revenue from the purchase of the credential to themovie theater.

In some embodiments, the content accessing system may include a set topbox.

In some embodiments, a method to control access to a content item withina content distribution network may include storing subscriberinformation for a subscriber within a subscriber database of a contentdistribution system; in the subscriber database, associating thesubscriber with a content accessing system; receiving, via acommunications network and at the content distribution system, an accessrequest from the subscriber for access the content item via the contentaccessing system; and/or responsive to receipt of the access request,issuing access rights to access the content item at one of a first venueor a second venue.

In some embodiments, the first venue may be associated the contentaccessing system issued to the subscriber and the second venue.

In some embodiments, the first venue may be associated with a contentexhibitor.

In some embodiments, the issuing of the access rights may includeupdating the subscriber information stored within the subscriberdatabase.

In some embodiments, receiving of the access request from the subscribermay include presenting the subscriber with a venues within apredetermined geographical proximity to the subscriber, and receivingselection of the second venue from the subscriber from among the venues.

In some embodiments, the issuing the access rights may includeattributing at least a portion of revenue attributable to the accessrights to the content exhibitor.

In some embodiments, the access rights are exercisable at either thecontent exhibitor or via the content accessing system in order to accessthe content item.

In some embodiments, the content accessing system may include a set topbox. In some embodiments, a method to control access to a movie mayinclude receiving input to initiate playback of the movie within avenue; using content accessing system, initiating a scan to locatewireless devices within a predetermined proximity of the contentaccessing system; determining that a threshold number of wirelessdevices are present within the predetermined proximity of the contentaccessing system; and/or responsive to the determination, initiating averification operation to detect violations of access rights withrespect to the movie.

In some embodiments, initiating of the scan to locate the wirelessdevices may include scanning to identify at least one of Bluetooth orWi-Fi devices within the predetermined proximity of the contentaccessing system.

In some embodiments, initiating the scan to locate the wireless devicesmay include determining whether a mobile device of a subscriberassociated with the content accessing system is within the predeterminedproximity of the content accessing system.

In some embodiments, initiating the verification operation may includeusing a content distribution system, determining a social mediaidentifier for a subscriber associated with the content accessingsystem, retrieving social media data from a social media data systemusing the social media identify; and automatically analyzing the socialmedia data to detect violations of the access rights with respect to themovie.

In some embodiments, initiating the verification operation may includemonitoring a group of content systems outside of a content distributionnetwork to identify an out-of-network watermark digitized version of themovie.

In some embodiments, the playback may include streaming the movie from aremote content storage system to the content accessing system.

In some embodiments, the initiating of the playback may includedownloading the movie from a remote content storage system.

In some embodiments, such a method may further include detecting that aviolation of the access rights with respect to the movie has occurredand, responsive to the detecting, restricting the playback of the moviewithin the venue.

In some embodiments, a method to control access to a movie within avenue may include receiving an access request to access to the movieavailable via a content distribution system, within the venue; usingcontent accessing system and responsive to the access request to accessthe movie, initiating a scan to locate wireless devices within apredetermined proximity of the content accessing system; determiningthat a mobile device of a subscriber associated with the contentaccessing system is not present within the predetermined proximity ofthe content accessing system; determining whether a predetermined numberof access requests for movies available via the content distributionsystem have been received at the content accessing system without themobile device of the subscriber; and/or responsive to the determination,initiating a verification operation to detect violations of accessrights with respect to the movie.

In some embodiments, may be present within the predetermined proximityof the content accessing system.

In some embodiments, the predetermined number of access requests mayinclude a predetermined number of purchase requests for credentials forthe movies.

In some embodiments, such a method may further include detecting that aviolation of the access rights with respect to the movie has occurredand, responsive to the detecting, restricting access to the movie withinthe venue.

In some embodiments, initiating the verification operation may includeusing the content distribution system, determining a social mediaidentifier for the subscriber associated with the content accessingsystem, retrieving social media data from a social media data systemusing the social media identify; and automatically analyzing the socialmedia data to detect violations of the access rights with respect to themovie.

In some embodiments, the access may include streaming the movie from aremote content storage system to the content accessing system.

In some embodiments, the access may include downloading the movie from aremote content storage system.

In some embodiments, initiating of the scan to locate the wirelessdevices may include scanning to identify at least one of Bluetooth orWi-Fi devices within the predetermined proximity of the contentaccessing system.

In some embodiments, a method to control distribution of a digitizedversion of a movie may include receiving an access request at a contentdistribution system from a content accessing system associated with asubscriber to a movie subscription service operated by the contentdistribution system, the content distribution system and the contentaccessing system forming part of a content distribution network, and theaccess request; using the subscriber identifier, accessing a subscriberdatabase, to determine that the subscriber is authorized to access themovie; responsive to the determination that the subscriber is authorizedto access the movie, applying a persistent forensic watermark to thedigitized version of the movie to generate a watermarked digitizedversion of the movie; and/or distributing the watermarked digitizedversion of the movie from the content distribution system to the contentaccessing system.

In some embodiments, the receiving an access request at a contentdistribution system from a content accessing system associated with asubscriber to a movie subscription service operated by the contentdistribution system, the content distribution system and the contentaccessing system forming part of a content distribution network, and theaccess request may include a subscriber identifier of the subscriber andrequesting access to the movie.

In some embodiments, the persistent forensic watermark further may beuniquely associated with the subscriber identifier.

In some embodiments, the access request may include a device identifierassociated with the content accessing system,

In some embodiments, such a method may further include monitoring agroup of content systems outside of the content distribution network toidentify an out-of-network watermark digitized version of the movie.

In some embodiments, such a method may further include responsive toidentifying the out-of-network watermark digitized version of the movie,disabling and quarantining the content accessing system.

In some embodiments, such a method may further include responsive toidentifying the out-of-network watermark digitized version of the movie,automatically distributing corrupted digitized versions of the movie viathe content distribution network.

In some embodiments, the content distribution network may include apeer-to-peer distribution system, and automatically distributingcorrupted digitized versions of the movie is performed using thepeer-to-peer distribution system.

The current application discloses number of technologies that may beused, in example embodiments, to address and mitigate access anddistribution challenges that are currently facing the movie distributionindustry. These technologies, embedded in a network-based movie deliverysystem, monitor behavioral indicators on users and restrict or shutdownmovie viewing when certain behaviors are detected.

Various example embodiments will be discussed with the context of acontent distribution network 2100 illustrated in. Within the context ofcontent distribution network 2100, filmmakers 2112 collaborate with FIG.21 production studios 2110 to create movies (or films). Increasingly,movies are being created in a purely digital form, and may be stored ina movie database 2116.

The production studios 2110 turn work with movie distributors, each ofwhich may operate a movie distribution system 2118 in order todistribute movies via a number of channels for release in cinemas ordirectly to consumers (e,g., via DVD or video on demand (VOD)). To thisend, a movie distribution system 2118 may access and distribute digitalmovies from the movie database 2116 via multiple networks 2102(e.g.,terrestrial or satellite networks, including the Internet). A moviedistribution system 2118 may deliver movies to an exhibitor 2108 (e.g.,a particular movie theater), either on film, hard disk drives, orelectronically via a network (e.g., via a secure satellite connection).

The movie distribution system 2118, according to some in someembodiments, may also be connected via one or multiple movie accessingsystems 2106 (e.g., a set top box)so as to enable distribution ofdigital movies directly to a residence 2114 (or other location) of aconsumer 2104.

The movie distribution system 2118 interacts with a network ofexhibitors so as to make the first-run movies, currently available intheaters operated exhibitors 2108 to be simultaneously made available tothe consumer 2104via the movie accessing system 2106. Specifically, inone example embodiment, the accessing system enables the consumer 2104,via the 2106, to purchase access rights, in the example from thatcredential that is redeemable to view a particular movie either attheaters operated by the exhibitors 2108 or within the residence 2114via the movie accessing system 2106.

It will be appreciated that there are a large number of technicalchallenges to ensuring that the out-of-theater access to first-runmovies (which are currently still primarily available in theater) is notabused or misused. For example, a particular consumer 2104 may betempted to invite a large number of people into his or her residence2114 to view particular movie. Similarly, the consumer 2104 may also betempted to relocate the movie accessing system 2106 to a public venuefor a screening of particular movie. Where the consumer 2104 has onlypaid for limited access rights, these actions would cause constitute amisuse, and a loss of revenue for the exhibitors 2108.

Where the consumer 2104 is technically skilled, there is also the riskthat the consumer 2104 may be tempted to replicate a movie to which heor she has access to via the movie accessing system 2106. Suchreplication could be achieved, for example, by using a camera to captureplayback of a movie on the movie accessing system 2106. A moresophisticated consumer 2104 may attempt to inject a video capture deviceinto a playback chain to capture a high quality copy of a movie by themovie accessing system 2106,

To combat the above scenarios, the example content distribution network2100 employs technologies across the movie distribution system 2118 andthe movie accessing system 2106. As will be described in further detailbelow with reference to FIG. 22, the movie distribution system 2118 andthe movie accessing system 2106 employ subsystems to monitor certainbehaviors that are indicative of misuse, and also modify content tofacilitate such monitoring. While for the details regarding thesubsystems will be provided, an overview of certain example functions isprovided immediately below

Monitored behavioral indicators that may be detected by the contentdistribution network 2100 include:

(1) Ordering the same movie (e.g., movie title) multiple times.

Population spikes of wireless devices (e.g. Wi-Fi and Bluetooth devices)within a home-viewing environment (e.g., the residence 2114) aredetected. As virtually everyone who comes over to watch a movie at theresidence 2114 will have a smartphone, the movie accessing system 2106monitors populations of Wi-Fi devices in the residence 2114 in order toensure sufficient bandwidth is available for high-quality viewingexperience. For example, the system may choose to download more of amovie into the viewing device if the home network is experiencing heavytraffic. An important by-product of this technology is the ability tocount the Wi-Fi and Bluetooth enabled devices before, during, and aftermovie purchases. Spikes in number devices during film rentals trigger asocial scrape, discussed in further detail below.

(2) Audio fingerprint/location services matching. Both of thesetechnologies contribute to the detection of an increase in the number ofdevices (and thus humans) at the time of viewing.

Usage is permitted for the entire residence 2114, but membership (orsubscription) to a service associated with the movie distribution system2118 is tied to an individual account, home address, and mobile number.A Bluetooth ping is emitted from the movie accessing system 2106 (e.g.,a set-top box). The movie accessing system 2106 is accordingly abledetermine if the member's mobile phone is present when a film ispurchased. Should the content distribution network 2100 detect multiplepurchases without the member present, the movie distribution system 2118conducts a social media scrape, an enhanced and specific (Member'sUnique Identifier) search and a purchase analysis to ensure proper use

(2) Ordering in similar time and frames on a regular basis, (implying aprogrammatic system to capture the output of the content access device)

The content distribution network 2100 automatically detects suchactivity, and conducts a social media scrape e.g., automated analysis ofa member's social media profile and circle and can shut down service ifabuse is further evidenced.

Each membership is tied to an individual and a single residentialaddress (e.g., of the residence 2114). The movie accessing system 2106is always aware of its location and will only activate in theapplicant's home address. When the movie accessing system 2106 isinstalled, it forms an unbreakable chain with the single TV, switcher orreceiver to which it is connected with via HDMI, creating a “Client toDevice Pairing” (CTDP). Once the CTDP is established and someoneattempts to move the movie accessing system 2106, the chain is brokenand the movie accessing system 2106 is unusable. This movie accessingsystem 2106 may be designed for one screen, one home.

When the member would like to upgrade his/her screen, the member willnotify the movie distribution system 2118 to enable a grace period,allowing him/her to change screens and re-lock to the new one. Again,the change of screen has to take place in the exact member home (e.g.,the residence 2114) and once the re-lock takes place the unbreakablechain is reestablished.

A consumer 2104 is associated to a specific theater of the exhibitors2108 to which all credential and concession income are attributed andwhere the member can re-experience films previously rented on theservice. This provides transparency on a “same-store-basis” existingphysical attendance, digital experience and physical re-experience allcontributing to EBITDA on a theater-by-theater basis. This creates apowerful financial analysis tool for the exhibitors 2108 to properlyanalyze performance and the positive impact of a movie distributionsystem 2118. A service offered by a movie distribution system 2118,which is tied to location and credential purchases, can provide thislevel of clarity.

The content distribution network 2100 described herein is a highlysophisticated technology platform exceeding many requirements forexisting platforms today. The living room is a less-controlledenvironment, and the example content distribution network 2100 providesmeasures to protect movie. Examples of such measures include:

Encryption Key Hierarchy Design

The movie distribution system 2118 and movie accessing system 2106 usemultiple encryption key sets which can change as often as necessary (the“key period”) (for example, every 60 seconds). Given the proprietaryarchitecture of the content distribution network 2100, at today'sprocessing power, it would take a super-computer many years to crackencryption under a brute force attack scenario. Even then, the intruderwould have access to only the amount of time equivalent to the keyperiod of viewing. This process would have to be repeated for each keyperiod in the film.

Persistent Forensic Watermarking

The movie accessing device 2106 to watermark each movie with a Member'sUnique Identifier (WA) linking it back to the individual member. Thewatermark is persistent, invisible to the naked eye and irremovablewithout the destruction of the underlying image. A watermark thusoperates as a digital beacon stitched into the fabric of the film.

Forensic Data Center

The movie distribution system 2118 has a dedicated data center thatconstantly searches for s outside the content distribution network 2100.Since the MUI is inserted at the movie accessing device, any MUI foundanywhere on the internet 2100 is considered illicit. At this point, themember's movie accessing system 2106 will he shut off and quarantined.If the abuse or illicit activity is confirmed, the member and thehousehold will be banned from the content distribution network 2100.

P2P Polluter

Once an MUI is detected outside of the content distribution network2100, the movie distribution system 2118 (and specifically a forensicanalysis system 2238) distributes corrupted files of the same film at aratio of 1,000 to 1 via peer-based distribution. Therefore, immediately“diluting” the infringement to a rate that would be extraordinarilyfrustrating, if not impossible, for further piracy of that copy to takeplace.

The content distribution network 2100 provides custom dashboards to theproduction studios 2110 and the exhibitors 2108 with transparentup-to-the-minute reporting on a title-by-title basis. In anonymousformat, the movie distribution system 2118 provides “behavioralanalytics” to better target market members who are fans of particulargenres or filmmakers. Increasing titles, surfacing more relevant choicesper member and ultimately increasing purchases betters allconstituencies. F

The content distribution network 2100 may be implemented as a closedmembership service, and records for members or subscribers in thefollowing basic information:

-   -   Name    -   DOB (must be 18+)    -   Gender    -   Home Address    -   Email    -   Phone number (home and cell)    -   Own or rent home    -   How long lived at home address

From this information, and a social media scrape—automated analysis of amember's social media profile and circle—the movie distribution system2118 is able to determine the applicant's suitability and grant or denymembership.

Once membership is granted, the member's card is charged for shipping ofthe movie accessing system 2106. The movie accessing system 2106 isdrop-shipped directly to the home residence of the accepted member, anda signature will always be required.

The content distribution network 2100 a technology platform enablingexhibitors 2108 to distribute first-run movies to a residence 2114. Whenthe movie is in theaters, it is on the content distribution network2100. When it is out of theaters, it is off the content distributionnetwork 2100.

With reference to FIG. 22, an example embodiment of content distributionnetwork architecture 2200 is shown. A movie distribution system 2118provides server-side functionality via a network 2208 (e.g., theInternet or wide area network (WAN)) to a movie accessing system 2106 inthe example form of a set top box 2204. Various subsystems, including aview system 2210, a video system 2212, and a forensics system 2214 arehosted and execute on the set top box 2204.

The movie distribution system 2118 includes an application server 2222,which in turn hosts a number of sub-systems that provides a number offunctions and services to studio server 2202 and the set top box 2204.

The set top box 2204 enables a consumer 2104 to view and interact withthe movie distribution system 2118. For instance, the user providesinput (e.g., touch screen input or alphanumeric input) to the set topbox 2204, and the input is communicated to the movie distribution system2118 via the network 2208. In this instance, the movie distributionsystem 2118, in response to receiving the input from the user,communicates information back to the set top box 2204 via the network2208 to be presented to the user.

An Application Program Interface (API) server 2218 and a web server 2220are coupled to, and provide programmatic and web interfacesrespectively, to the application server 2222. The application server2222 comprises a number of subsystems including a distribution system2224, a security system 222h, an encoding system 2228, an ingest system2230, a forensic analysis system 2238, a quality assurance system 2240,and a subscriber management system 2206.

The ingest system manages the retrieval of content from the studios forencoding and distribution.

The quality assurance system works to ensure movies are encoded withhigh quality and there are no errors in the resulting files.

The subscriber management system is the core registry of members of theservice, and is the database that determines whether a member's deviceis valid and can be issued keys to decrypt the movie.

The application server 2222 is, in turn, shown to be coupled to adatabase server 2232 that facilitates access to information storagerepositories (e.g., a database 2234). In an example embodiment, thedatabase 2234 includes storage devices that store information accessedand generated by the set top box 2204

Additionally, a video delivery application 2216, executing on a studioserver 2202, is shown as having programmatic view to the moviedistribution system 2118 via the programmatic interface provided by theApplication Program Interface (API) server 2218.

Further, while the content distribution network architecture 2200 shownin FIG. 22 employs a client-server architecture, the present inventivesubject matter is of course not limited to such an architecture, andcould equally well find application in a distributed, or peer-to-peer,architecture system, for example. The content distribution networkarchitecture 2200 could also be implemented as a standalone softwareprogram, which does not necessarily have networking capabilities.

FIG. 23 is a block diagram illustrating further details of thesubscriber management and credentialing technology, according to someexample embodiments, as implemented between a movie distribution system2118 and exhibitors 2108.

Exhibitors maintain a credentialing system 2302, and a credentialdatabase 2304, to track the issuance of credentials for the viewing ofmovies within the theaters operated by the exhibitors 2108. To this end,the credentialing system 2302 provides on-premise terminals at whichmovie theater-goers can purchase credentials. The credentialing system2302 may also have a web and application program interfaces so as toallow the purchase of theater credentials remotely, via the Internet(e.g., on webpages or using credential purchasing applications hosted onmobile other computing devices).

A subscriber management system 2206 of a movie distribution system 2118is able to access the credentialing system 2302 of the 2108 via thenetworks 2120. This in turn enables a consumer 2104, via the set top box2204, to interact with the movie distribution system 2118 to purchasecredentials for accessing content (e.g., a movie), with this credentialpurchased being accredited to the exhibitors 2108 and reflected in thecredentialing system 2302 of the exhibitors 2108. For example, aconsumer 2104 may interact with the movie distribution system 2118, viathe networks 2120, and issue a credential purchase request to the moviedistribution system 2118. The movie distribution system 2118, in turn,may record a corresponding credential purchase authorization within thesubscriber database 2308. The credential purchase authorization enablesand authorizes access by the set top box 2204 to a digitized version ofthe movie (e.g., stored within the movie database 2116). The moviedistribution system 2118 further interacts via the networks 2120, withthe credentialing system 2302 to associate a credential purchaseauthorization within the 2206 with a credential purchase recorded in thecredential database 2304. This is synchronization between the subscribermanagement system 2206 and the credentialing system 2302 enablesredemption of a credential (or multiple credentials) to view a movie ateither a movie theater operated by the exhibitors 2108 and/or within aresidence 2114 via the set top box 2204.

As with credential purchase authorizations, credential redemptions arelikewise synchronized between the credentialing system 2302 and thesubscriber management system 2206, so that the viewing of a movie, forexample, on the set top box 2204 may disqualify further viewing of themovie within a theater operated by the exhibitors 2108.

FIG. 24 is a schematic representation of interactions by variouscomponents described with reference to the preceding figures.

A routine is not described, which may be implemented and executed, insome example embodiments, by the movie distribution system 2118described with reference to the preceding figures.

In block 2502, routine 2500 stores subscriber information for asubscriber within the subscriber database 2308 of a movie distributionsystem 2118.

In block 2504, routine 2500, in the subscriber database 2308, associatesthe subscriber with a content accessing system (e.g., the set top box2204).

In block 2506, routine 2500 receives, via a communications network andat the content distribution system, a credential purchase request.

In block 2508, routine 2500 responsive to receipt of the purchaserequest, issues the credential to view the movie at one of a movietheater or using the content accessing system issued to the subscriber.

In block 2510, routine 2500 presents the subscriber with a list ofmovies that are viewable at a plurality of movie theaters within apredetermined geographical proximity of the subscriber, and receives apurchase selection of the movie from the list of movies from thesubscriber.

In done block 2512, routine 2500 ends.

In block 2602, routine 2600 starts.

In block 2604, routine 2600 associates the subscriber with a contentaccessing system in the subscriber database 2308.

In block 2606, routine 2600 receives, via a communications network andat the content distribution system, a content access request to access aparticular content item (e.g., a movie).

In block 2608, routine 2600 responsive to receipt of the access request,issues access rights to access the content item at one of a first venueor a second venue.

In block 2610, routine 2600 presents the subscriber with a venues withina predetermined geographical proximity to the subscriber, and receivesselection of the second venue from the subscriber from among the venues,

In done block 2612, routine 2600 ends.

In block 2702, routine 2700 receives input to initiate playback of themovie within a venue.

In block 2704, routine 2700 using the movie accessing system 2106,initiates a scan to locate wireless devices within a predeterminedproximity of the movie accessing system 2106.

In block 2706, routine 2700 determines that a threshold number ofwireless devices are present within the predetermined proximity of themovie accessing system 2106.

In block 2708, routine 2700 responsive to the determination, initiates averification operation to detect violations of access rights withrespect to the movie.

In block 2710, routine 2700 using the movie distribution system 2118,determines a social media identifier for a subscriber associated withthe movie accessing system 2106, retrieves social media data from asocial media data system using the social media identify; andautomatically analyzes the social media data to detect violations of theaccess rights with respect to the movie,

In done block 2712, routine 2700 ends.

In block 2802, routine 2800 receives an access request to access to themovie, available via the movie distribution system 2118, within thevenue.

In block 2804, routine 2800 using movie accessing system 2106 andresponsive to the access request to access the movie, initiates a scanto locate wireless devices within a predetermined proximity of the movieaccessing system 2106.

In block 2806, routine 2800 determines that a mobile device of asubscriber associated with the movie accessing system 2106 is notpresent within the predetermined proximity of the movie accessing system2106.

In block 2808, routine 2800 determines whether a predetermined number ofaccess requests for movies available via the movie distribution system2118 have been received at the movie distribution system 2118 from adevice without geographical proximity to the mobile device of thesubscriber.

In block 2810, routine 2800 responsive to the determination, initiatinga verification operation to detect violations of access rights withrespect to the movie.

In block 2812, routine 2800 detects that a violation of the accessrights with respect to the movie has occurred and, responsive to thedetecting, restricts to the movie within the venue.

In done block 2814, routine 2800 ends.

In block 2902, routine 2900 monitors a plurality of content systemsoutside of the content distribution network 2100 to identify anout-of-network watermark digitized version of the movie.

In block 2904, routine 2900 receives an access request at the moviedistribution system 2118 from the movie accessing system 2106 associatedwith a subscriber to a movie subscription service operated by the moviedistribution system 2118

In block 2906, routine 2900 using the subscriber identifier, accessesthe subscriber database 2308, to determine that the subscriber isauthorized to access the movie.

In block 2908, routine 2900 responsive to the determination that thesubscriber is authorized to access the movie, applies a persistentforensic watermark to the digitized version of the movie to generate awatermarked digitized version of the movie.

In block 2910, routine 2900 distributes the watermarked digitizedversion of the movie from the movie distribution system 2118 to themovie accessing system 2106.

In block 2912, routine 2900 responsive to identifying the out-of-networkwatermark digitized version of the movie, disabling and quarantining themovie accessing system 2106.

In done block 2914, routine 2900 ends.

In block 3002, routine 3000 monitors a plurality of content systemsoutside of the content distribution network 2100 to identify anout-of-network watermark digitized version of the movie.

In block 3004, routine 3000 receives an access request at a moviedistribution system 2118 from the movie accessing system 2106 associatedwith a subscriber to a movie subscription service operated by the moviedistribution system 2118

In block 3006, routine 3000 using the subscriber identifier, accessesthe subscriber database 2308, to determine that the subscriber isauthorized to access the movie.

In block 3008, routine 3000 responsive to the determination that thesubscriber is authorized to access the movie, applies a persistentforensic watermark to the digitized version of the movie to generate awatermarked digitized version of the movie.

In block 3010, routine 3000 distributes the watermarked digitizedversion of the movie from the movie distribution system 2118 to themovie accessing system 2106.

In block 3012, routine 3000 responsive to identifying the out-of-networkwatermark digitized version of the movie, automatically distributingcorrupted digitized versions of the movie via the movie distributionsystem 2118

In done block 3014, routine 3000 ends.

FIG. 31 is a diagrammatic representation of a content distributionnetwork within which various example embodiments may be implemented.

In one embodiment, the system delivers first-run, feature films into thehome. As such it is designed as a high standard consumer video service.Films are encoded at higher bit-rates to ensure the highest viewingquality. Content is distributed and saved to local storage inside thein-home viewing device. The system is designed with the high levels ofpiracy detection and prevention.

FIG. 32 is a diagrammatic representation of another content distributionnetwork within which various example embodiments may be implemented.

The content distribution of FIGS. 31 and 32 provide a similar level ofsecurity.

Ingest

The head end receives content from the studios using the Digital CinemaDistribution Coalition (DCDC) system, which pitches theater-qualityencoded movies over a satellite connection. The DCDC system alsoincludes provisions for exception-handling in cases where the satellitedelivery fails, falling back ultimately to hand-delivered hard drives inthe worst case.

In one embodiment, one aspect of the DCDC system is adapted. Because ofencoding content for atypical flat-panel television screen, it isre-encoded at the head end for distribution, such that it is madeavailable to the encoding system “in the clear.” The ingest system isadapted to populate a secure file server with content that can beaccessible by the encoding system.

In one embodiment, the DCDC system is leveraged for delivery andmanagement of availability windows so the contents of the contributionfile system conforms to industry standards.

In one embodiment, the output of the Ingest system is the ContributionFile Server (CFS) with high-quality content for the movies and trailersthat the system relies on.

FIG. 33 is a diagrammatic representation of yet another contentdistribution network within which various example embodiments may beimplemented.

Encoding

Various embodiments manage a broad range of formats, frame rates andconversions, including HD, 3D, Mezzanine, 4K, UHD and HDR. Someembodiments offer native support for the Materials eXchange Format(MXF), and Inter-Operable Media Files (IMF) for Digital-End-To-End(DETE) system.

In one embodiment, new features and trailers that arrive in the CFS areautomatically encoded to the defined profiles by a bank of encodingmachines.

In one embodiment, content is encoded in H.265 video at a sufficientlyhigh average bitrate to eliminate artifacts at full resolution. In the“constant quality” approach taken, the bitrate is allowed to vary whenthe content is more demanding rather than over-constraining the encodingprocess. In one embodiment, this uses the download-first deliverysystem. Because the entire feature is played from local storage, thepeak encoded bitrate can be very large. High-action scenes simplyconsume more bandwidth with no effect on quality.

Audio is encoded in 7.1 channel surround sound in multiple formats tomatch the capabilities of home theater receivers. The appropriate formatis delivered based on the user's receiver, and any necessarytransformation from that format is handled by the set-top box.

Metadata

The DCDC system carries metadata to describe every feature and trailer.In some embodiments the User Experience (UX) uses some enhancements tometadata to complement the on-screen UI. Some augmentation of theavailable metadata is handled by an editorial staff and entered into theMetadata system.

In one embodiment, a MongoDB database is the master store of allmetadata for the editorial system. In one embodiment, this, and allother data is stored within secure data centers. Data centers followmodern approaches to securing data, ranging from multi-tiered services,encrypted server-to-server communication throughout, and physicalsecurity around storage of key assets.

Some embodiments provide extensive technical and editorial metadataservices, with a single master ingestion and normalization process thataligns source material with industry metadata and identificationstandards (e.g. EMA, EIDR). Metadata is sourced directly from ContentProviders and be conditionally augmented with external data sources.

Encryption

In some embodiment, all content is encrypted with an AES block cipher.AES keys are changed periodically (such as every few seconds) to limitthe impact of a brute-force attack on the content. In one embodiment,keys are never reused beyond the block of content in the particular filethey are matched to, so even a successful attack on a single AES keyyields only access to a few seconds of video. These keys areindividually encrypted and delivered to each in-home STB that purchasesthe movie just prior to viewing. In one embodiment, within the STB, thekeys are decrypted only within the trusted secure processor to preventleakage.

FIG. 34 is a diagrammatic representation of server-side watermarkingaccording to some example embodiments.

Watermarking

As part of the overall effort make the content highly secure andtrackable, down to the end user, in some embodiments watermarking isimplemented for all content. Some embodiments include a server andclient component aspect.

Once content has been received in the secure NOC facility, server sidewatermarking is applied. This is done by using two streams of the samecontent and embedding content segments with specific watermarking. Thesegmented video content is further encrypted with individual keys.

FIG. 35 is a diagrammatic representation of set-top-box watermarkingaccording to some example embodiments.

On the Set-Top-Box side the secure domain within the SOC provides thedecryption and decoding of the protected content. Furthermore, HDCP isused for connecting via HDMI to final display (TV).

FIG. 36 is a diagrammatic representation of the content distributionnetwork of FIG. 31 with an example watermarking implementation withinwhich various example embodiments may be implemented.

Quality & Service Assurance

In some embodiments encoded content and metadata are previewed on anactual in-home set-top box by QA staff to ensure there are no errors inencoding or metadata. Once a new feature has been QA'd and approved, thecontent is made available to the Origin Server for distribution.Performing QA on an actual STB ensures the entire end-to-end chain isfunctioning properly.

In some embodiments all parts or at least one part of the system,including the STB, collect key data that is examined for anomalies. Anyproblem with the display of any frame of a film is reported andescalated through support staff at the Network Operations Center (NOC).Anomalies are traced to root cause and actions are taken to restoreservice or identify faulty hardware.

The data is available to Customer Service as well, to allow for rapidtroubleshooting and validation of viewer complaints. Any gap in thechain of problem identification and resolution is fed into an ongoingprocess improvement system that is focused on a 99.999% uptime.

Cloud Hosting, Storage and Distribution

The distribution infrastructure is set up in a secure cloud hosting,storage and delivery services for a library of the capacity of, forexample, 50,000 movies with ingest from any major Content Provider.Content is published 1) in Mezzanine quality to support any downstreamworkflows; 2) in ABR format to a pre-designated end-point; 3) to any CDNorigin storage (with DRM) and/or 4) to any provided IP-capableset-top-box, which is studio-approved and MPAA-certified cloud.

In some embodiments, encoded and encrypted content is stored on theOrigin Server. Content Distribution Network (CDN) partners pull contentfrom the Origin Server and make it available at scale to the customerbase. Downloading into the SSD storage in the in-home STB is essentiallya “pull” operation driven by an arbitrage according to each CDNpartner's cost structure and availability.

In order to ensure the best possible viewing experience, devicesdownload all available content, or a selected or automatic subset, tothe local storage and keep it until the end of the availability window.This allows a viewer to impulse-purchase a film and view it with highestquality even if the viewer's internet connection is unstable.

In some embodiments, an internet connection is still required at thetime of viewing, however, for delivery of keys and to ensure thecollection of forensic information. Since the keys are a fraction of thesize of the actual video data, the time it takes to download them at thetime of purchase is negligible.

Trailers are also downloaded into the local storage and played prior toviewing of the feature film. During this time the STB and service worktogether to validate the integrity of the downloaded content, ensure thekeys are properly delivered, and the internet is sufficiently availablefor forensic collection.

Tier-1 network delivery ensures high-quality video delivery, acrossmultiple networks and leverage enhanced media consumption insights.

In some embodiments, the system manages and enforces Content Providersrequired potential content rights limitations (e.g., geo-blocking).

FIG. 37 is a block diagram illustrating a set-top box, according to someexample embodiments.

Customer-Premises Equipment

In one embodiment the in-home device looks like a set-top box. Someembodiments have one or more of:

SSD storage for pre-cached film content.

Custom individual watermarking with the device's unique ID.

Highest-quality video decoding—minimum 4k capable.

Modern graphics for an excellent UI,

Identification of the television for pairing.

Network-scanning, both WiFi and Bluetooth.

Hardware/Security

The device has a system-on-chip (SoC) that includes all or manyfunctions: CPU, GPU, A/V decode, secure processor (SP). The SP assumesthat it cannot trust the host CPU, and in one embodiment allauthentication of the device to the service is essentially a transactionbetween the service and the SP. The SP includes secure storage for keysas well as secure use of the keys for both symmetric and asymmetricdecryption. In one embodiment, in no event is a key ever exposed to thehost processor on the SoC. In one embodiment, as A/V bitstreams aredecrypted they are kept in an area of memory inaccessible to the CPUwhile waiting to be decoded by the A/V decoder. By design, even a rooteddevice is unable to access keys or decrypted bitstreams.

In one embodiment, as a further measure of security, the device has amechanism in the case that disables the device permanently andirreversibly if any attempt is made to open it.

OS/UX and Framework

In one embodiment, the underlying operating system running on the hostprocessor is Android. Android is a variant of SELinux with an additionalJava-based application framework. In one embodiment, since the devicehas no need for applications, the Android Operating System (OS) isstripped down to its basic elements necessary for operation, and theJava application environment is removed.

In one embodiment, the user-interface is built using web technologies totake full advantage of modern tools for expressing an experience. Tosupport this, in one embodiment the OS implements a constrained,embedded version of the “Chromium” browser core which forms the basis ofthe “Chrome” browser. The Chromium browser core itself is subjected topruning, but also extended to support certain aspects of the service.

Mobile Verification

In one embodiment the primary viewer's mobile phone is paired with thedevice to ensure the viewer is present when the device is active. In oneembodiment pairing is performed by the Screening Room iOS/Androidapplication. In one embodiment initial pairing is done by presenting aQR code on the television, which is viewed by the app using the mobiledevice's camera. In one embodiment once this pairing is established,audio fingerprinting can be used on an on-going basis to verify thepresence of the viewer's mobile phone.

Forensics

Piracy

In one embodiment the primary attack vectors of concern for the systemare that of copying digital content from the system via HDMI, and bytraining a camera on the output of a television.

HDMI piracy is mitigated to some extent by television pairing using thetelevision's (or intermediate receiver's) unique ID, which is used todetermine when the device is no longer connected to the originaltelevision. A call to customer service is required to re-enable thedevice after a legitimate move.

To handle both the case of digital copying as well as capturing photonsfrom a screen, a forensic watermark is applied by the STB containing theID of the device.

At the same time, the infrastructure includes a web crawler that isconstantly searching for pirated versions of feature films. When the webcrawler identifies a film, it scans it for watermarks. If a match isfound, the account that matches the ID found in the watermark can beheld accountable and, if necessary, disabled.

Clustering

The terms of service make it clear that the device is for householdresidents only. To impede attempts at “clustering,” or allowing anexcessive number of others to view the film in the viewer's home, insome embodiments one or more techniques are employed:

Periodic scans of the home network are performed to keep track of thenumber of devices that are connected to WiFi.

Periodic scans for Bluetooth devices are performed to count nearbyphones and tablets.

A fingerprint is embedded into the audio that can be used to ensure theactual viewer's mobile phone is within range of the television.

Any suspicious activity is followed up with a scan of the viewer'ssocial media activity to determine if there is reason to suspectintentional “clustering.”

Credentialing for Re-Experiencing

Viewers receive with each purchase the opportunity to re-experience thefilm at their theater of choice. Each purchase qualifies the viewer toreceive two or more credentials and allow the viewer to make theirshowtime selection on-screen.

This involves several threads of execution:

Tracking vouchers. Once a purchase is made, the credit for viewing inthe theater is recorded and tracked until the film is no longeravailable.

Showtime selection. Presentation of available showtimes to the user alsoinvolves mitigating impact to peak theater attendance. Operational rulesare available in the system to reduce availability for re-experiencingwhen the showtime is nearly sold out.

Seat selection. Since many theaters now offer reserved seating, in oneembodiment the system allows for seat selection with purchase.

Additional credentials. Viewers may purchase additional credentials forfriends and family members to combine with the two or more credentialsthey receive with the original purchase. This supports seat selection,so the group can sit together.

Upgraded credentials. Viewers may choose to upgrade their originalcredentials to higher quality experiences (e.g. IMAX, 3D, etc.).

Mobile credentials on the viewer's phone.

Implementation of credential policy. The two or more credentials fromthe original purchase are for the use of the viewer and household only.In various embodiments, the system has one or more hooks to ensure it isextremely difficult to sell or share the credentials outside thehousehold:

The viewer s mobile device is validated using SMS ensuring thecredential QR code cannot be displayed on an un-validated device.

The QR code is not made available to the mobile device until a shorttime before the scheduled viewing.

The QR code is made available using geo-fencing to verify the user'sproximity to the designated theater.

The QR code contains subtle animating graphics to mitigate the risk ofthe sharing screenshots of credentials.

The viewer's avatar is displayed on the mobile app along with the QRcode to the trained agent at the theater to withhold issue of thecredential if a photo verification isn't possible.

In one embodiment credentialing is through integration with an existingcredentialing system like Fandango. In this case the credential policyis implemented as described as above. In another embodiment, credentialsare issued via a separate kiosk in the theater that implements one ormore additional screening techniques:

Video verification to ensure the viewer is present. Primarily forforensics, this allows follow up on a pattern of suspected abuse.

Bluetooth challenge-response validation between the viewer's phone andthe kiosk (to mitigate the ability of a QR code being shared withanother device).

Mobile Application

Standalone App

An engagements for end users, apart from the TV/STB application, is themobile application. The mobile application can be used for one or moreof: browsing content, viewing trailers (but not full length featuremovies), viewing additional optional content provided for purchasedcontent, accessing subscriber settings and managing overall accountsettings, approval of purchase content, ordering theater credentials andrelated concessions, selecting seats in theater and reservingtransportation if necessary (e.g. Uber integration), and also being ableto use it as a remote control when in proximity of the STB.

Out of Box Experience (OOBE)

When the Set-Top-Box (STB) is first received by the end user,installation or Out-Of-Box-Experience is very straight forward. The enduser connects the STB to power and to the HDMI input on the TV.

Next, the end user downloads a mobile application. The first runscenario after installation (from the app respective app store), guidesthe end user through the next steps of the installation process. Namely,setting up the personal account with all personal and paymentinformation (as much as possible pre-populated by the backend servicesand the information that on hand about the customer), and setting uppersonal preferences as well.

Once the personal set up is completed, the pairing with the STB will isthe next phase, for example, via wireless (WiFi) connectivity in thehome. The mobile app automatically discovers and pairs itself with theSTB that it found in the vicinity. Next, the phone connects the STBdirectly to the home network (WiFi) as well, and sets up passwordprotection for both devices. Once the STB is connected to wireless andthe pairing of the phone/STB is completed, the system is ready forconsumption and an introductory video is started.

Remote Control (Virtual App)

As part of Mobile Application, the application can be used as a remotecontrol with the Set-Top-Box (STB). When playback of a feature contentis started on the mobile application, the phone/app connects directly tothe STB via WiFi and/or Bluetooth for connecting to the player on theSTB. This enables the phone app to act as the remote control for the TVviewing as well as providing other related feature integrations (e.g.,sharing of content/movie, providing feedback and rating, any otherpersonal settings and/or preferences related to movie watching).

The mobile app can be used at any time to engage directly with the STB,provided that the mobile phone is within range of the STBs wirelessradios (as dictated by Bluetooth about maximum of 30 meters and WiFisignal strength).

Virtual Credential—Theater Connection

The mobile app has interaction with the credentials that the end userhas received as part of his movie purchase. For this interaction, thereis a separate tab available on the mobile app that connects to thebackend services (where we store the available credentials, redeemedcredentials, and any related information). With the movie tab, the enduser can select movie theater locations (browse all available and/orproximity selection as well), select seats directly (e.g. thruAPI/service integration of AMC and other services on our aggregationserver), select any premium experience consumption for the theater (e.g.pre-order concession directly and have them ready for pick up/deliveryat the time of arrival), order any other services (e.g. Uber ridereservation to/from theater).

Furthermore, the end user can augment and/or change the numbers oftheater goers that would join him/her in the experience and have aseamless transaction right there, with a one click approval.

Once all selections have been made, a confirmation is provided and asecure bar or QR code will be sent to the customer on file (e.g. mainapprover of household). This allows for easy redemption of thecredentials and any related concession on theater premise (e.g. similarexperience as TSA pre-check).

Data Analytics

Analytics & Reporting

A component of backend services is the analytics engine and overallreporting capabilities derived from it.

Reporting is a core service provides to the content providers (e.g.Studios) for their assessment and based on their specific requirements.This is made available via at least one of two main components:generated queries and related reports, and self-service access to ourdata via exposed APIs and/or web portal for our partners.

The architecture enables data collected to feed components enablingreal-time decision making. The full click-stream data set by individualclient device and/or app service is collected.

Other services on this architecture allow for services like offermanagement to end users, recommendation services, special invitations tocontent/events, potential advertising and/or data sharing for othermonetization or improved customer experiences.

One embodiment includes a series of standard web enabled dashboards(with customization options for visual representation and data selectionrange). Another embodiment allows for data export in pre-defined fileformats, allowing for use of 3rd party tools as well. Web exposure isthrough standard HTML, for example.

Full access is provided to affiliate marketing site for any potentialmarketing materials and other assets, eliminating the need for multiplemarketing service group interactions. He client base can be leveraged tohelp partners and content providers to make intelligent marketing andmerchandising decisions.

Telemetry

As part of the overall monitoring and quality of service guarantee thetelemetry service, which provides continuous analysis of data streams,assist the quality of service guarantee (QoS). A main data store for theTelemetry service is be the Telemetry database. Service monitoring toolsare used as well.

Subscriber Management

Billing

Billing (credit card) solutions are used for the backend servicesincluding gifting, credits, cancellation, etc. Overall billingpreferences are part of the subscriber settings, in that end users canupdate and assign multiple billing options (e.g. cards), at theirconvenience.

Studio-approved processes are used for royalty reporting, includingaccount set-up, payment instrument integration, invoicing andreconciliation. Mandatory and optional data points required by ContentProviders are managed.

Preferences & Settings

End user preferences and settings are stored in the subscriber database.The end user has access to personal settings and preferences via one ormore options:

Using the mobile application and use the ‘Settings Tab’ on the mobileapp to directly access and manipulate the stored data. This is a way tomanipulate the setting and preferences data.

On TV screen/app section with a limited input mode assumption there isno key board for entering credit card or address information).

Web application and use the ‘Settings Tab’ on the web page. This willhave the same full functionality as the mobile application.

International

Service Scaling

Server side infrastructure (hosted cloud services) are expandable tocover other geographies. Since those services are hosted in oneembodiment (e.g., AWS), many of the local government and data protectionaspects are shielded for a direct impact to implementations. Sameconcept is applied to CDN scaling in various geographies and the ingestand delivery mechanism is applicable.

Localization

Screening Rooms systems are capable of processing audio, subtitling andclosed-caption files in 80+ languages for future global expansion.

Databases

Content Database

Among the various databases/services for hosting, the Content Databaserepresents a central storage for content. This includes full featuremovie content, and related trailers, and/or supplemental content relatedto any movie. The service capability includes the whole content lifecycle from ingest to removal at end of windowing period. Furthermore,workflow is implemented based on overall process and related meta data(e.g. movie posters, rating, etc.) is stored accordingly as well.

Theater Database

As part of the overall experience, customers can select their theaterlocation of choice. The Theater database serves as a main aggregationhub for all theater locations. This is accomplished by continuouslymonitoring and updating table content directly from services exposed bythe respective data sources (e.g. AMC API service calls for locationattributes and updated location parameters). The Theater database alsosupports credentialing, seat selection, concession information and/orother exposed services, that are provided as part of the API/serviceexposure provided. This allows for overall aggregation, and an expeditedexperience from a customer perspective.

Subscriber Database

A main store for all subscriber/customer information is the Subscriberdatabase. As part of subscriber management system, this store holds therelevant customer information. Among those are: user accounts andrelated customer identifiable information, related householdinformation, customer preferences, payment and billing, devicesubscription and management, purchase history, related search history,concession and credential transaction history, and all subscribersettings that can be accessed either via the mobile applications or thewebpage.

The subscriber database also stores the Universal User Profile. Thisserves as the store for end users's services—like accessing viewinghistory, purchasing history, cross-device pause/resume, authentication,preferred settings and others.

Telemetry Database

The Telemetry database is used for internal telemetry assessment andmonitoring of all services. As a central store for many of the otherservices, it contains overall system usage data (provided from serviceslike ingest, CDN usage, concurrent user, bandwidth usage, etc.). Avariety of monitoring is coupled to an internal API for qualityassurance and continuous monitoring by the support staff for quality ofservice guarantees and trouble shooting if necessary. Furthermore,analytics are run on the overall usage data, combined with subscriberinformation and input from the forensic services, to monitor and/ordetect any improper behavior of service consumption.

FIG. 38 is a diagrammatic representation of services of a contentdistribution network within which various example embodiments may beimplemented.

Security Efforts & Continuous Reviews

One embodiment gathers and identifies all relevant requirements (fromStudios, MPAA, etc.)

One embodiment considers any potential contractual or regulatoryrequirements (e.g., PCI-DSS, SEC, Cybersecurity requirements, etc.)

One embodiment builds and reviews a requirements matrix of all controls(includes inspection steps, supporting artifacts, etc.)

One embodiment conducts assessment and review of initial statecapabilities, desired future state and processes in place to meetrequirements through interviews and workshops with business andtechnology stakeholders.

One embodiment identifies gaps, artifacts to support requirements anddevelop recommendations to remediate gaps.

Customer Support

Customer support is provided at a Network Operations Center, with mediadistribution monitoring, incident reporting and issue resolutionprocedures. In addition to detailed FAQs and 24/7 email and phonesupport, clients receive automated notifications with an up-to-datestatus towards any issue/resolution.

Various Embodiments

In the various embodiments disclosed, “receiving” is replaced with“accessing”. In some embodiments, an “accessing” element relies onanother element to perform any “receiving.”

In some embodiments, impairing is wireless or wired.

Some embodiments are directed to a server embodiment.

Various embodiments are:

A method comprising:

providing, to a client-side computing device, digital content from aserver;

in response to a determination that a client-side computing device isoutside of a predetermined geographic area in which the client-sidecomputing device is authorized to present the digital content, theserver causing a remedial action.

A method comprising:

in response to a detection that a client-side computing device has beenunpaired from the viewing device, a server executing a remedial action,

wherein the detection that the client-side computing device is unpairedfrom the viewing device occurs after the client-side computing device ispaired to a viewing device such that the client-side computing device isable to cause digital content received from the remote server to bepresented on a display of the viewing device.

A method comprising:

in response to receiving a determination that a number of users viewingdigital content exceeds a threshold number of authorized usersassociated with the digital content, a server executing a first remedialaction;

wherein the determination is based on a number of mobile computingdevices that are within a geographic distance of the client-sidecomputing device, that a number of users viewing the digital contentexceeds a threshold number of authorized users associated with thedigital content; and the determination occurs after a client-sidecomputing device presents digital content that received from the server.

A method comprising:

in response to receiving determining that a number of unconfirmed sonicsignals exceeds a threshold number of allowable unconfirmed sonicsignals, a server executing a remedial action;

wherein the notification occurs after a client-side computing devicereceives digital content from a the server, the client-side computingdevice periodically presents a sonic signal to confirm that a mobilecomputing device of a user authorized with the client-side computingdevice is within a desired geographic distance of the client-sidecomputing device, and wherein each sonic signal, upon being detected bythe mobile computing device, causes the mobile computing device totransmit a confirmation message to the server confirming that the mobilecomputing device detected the sonic signal; and

the server performs said determining that a number of unconfirmed sonicsignals exceeds the threshold number of allowable unconfirmed sonicsignals, wherein the number of unconfirmed sonic signals indicates anumber of sonic signals presented by the client-side computing devicethat the mobile computing device did not confirm detecting.

Various server-related embodiments, include one or more processors; andone or more computer-readable mediums storing instructions that, whenexecuted by the one or more compute processors, cause the server toexecute server operations as disclosed.

Various server-related embodiments, include one or morecomputer-readable mediums storing instructions that, when executed bythe one or more computer processors, cause a server to execute serveroperations as disclosed.

What is claimed is:
 1. A method comprising: receiving, by a digitalcontent delivery system, a request from a client-side computing deviceto access digital content maintained by the digital content deliverysystem; determining, by the digital content delivery system, that anumber of times the client-side computing device has accessed digitalcontent meets or exceeds a threshold number of times the client-sidecomputing device is permitted to access digital content; and in responseto determining that the number of tunes the client-side computing devicehas accessed digital content meets or exceeds the threshold number,denying the request and executing a remedial action.
 2. The method ofclaim 1, further comprising: determining the number of times theclient-side computing device has accessed digital content.
 3. The methodof claim 2, wherein determining the number of times the client-sidecomputing device has accessed digital content comprises: reviewing ausage history associated with the client-side computing device, theusage history including a listing of access requests received from theclient-side computing device for digital content.
 4. The method of claim1, wherein the number of times the client-side computing device hasaccessed digital content is a number of times the client-side computingdevice has accessed digital content during a first time period.
 5. Themethod of claim 1, wherein the number of times the client-side computingdevice has accessed digital content is a number of times the client-sidecomputing device has accessed a specific digital content item that isbeing requested in the request received from the client-side computingdevice.
 6. The method of claim 5, wherein the specific digital contentitem is a movie.
 7. The method of claim 1, wherein executing the firstremedial action comprises: scanning social media activity of a userassociated with the client-side computing device for postings made bythe user that indicate that the user is allowing unauthorized access tothe digital content.
 8. A digital content delivery system comprising:one or more computer processors; and one or more computer-readablemediums storing instructions that, when executed by the one or morecomputer processors, cause the digital content delivery system to:receive a request from a client-side computing device to access digitalcontent maintained by the digital content delivery system; determinethat a number of times the client-side computing device has accesseddigital content meets or exceeds a threshold number of times theclient-side computing device is permitted to access digital content; andin response to determining that the number of times the client-sidecomputing device has accessed digital content meets or exceeds thethreshold number, deny the request and executing a remedial action. 9.The digital content delivery system of claim 8, wherein the instructionsfurther cause the digital content delivery system to: determine thenumber of times the client-side computing device has accessed digitalcontent.
 10. The digital content delivery system of claim 9, whereindetermining the number of times the client-side computing device hasaccessed digital content comprises: reviewing a usage history associatedwith the client-side computing device, the usage history including alisting of access requests received from the client-side computingdevice for digital content.
 11. The digital content delivery system ofclaim 8, wherein the number of times the client-side computing devicehas accessed digital content is a number of times the client-sidecomputing device has accessed digital content during a first timeperiod.
 12. The digital content delivery system of claim 8, wherein thenumber of times the client-side computing device has accessed digitalcontent is a number of times the client-side computing device hasaccessed a specific digital content item that is being requested in therequest received from the client-side computing device.
 13. The digitalcontent delivery system of claim 12, wherein the specific digitalcontent item is a movie.
 14. The digital content delivery system ofclaim 8, wherein executing the first remedial action comprises: scanningsocial media activity of a user associated with the client-sidecomputing device for postings made by the user that indicate that theuser is allowing unauthorized access to the digital content.
 15. Anon-transitory computer-readable medium storing instructions that, whenexecuted by one or more computer processors of a digital contentdelivery system, cause the digital content delivery system to: receive arequest from a client-side computing device to access digital contentmaintained by the digital content delivery system; determine that anumber of times the client-side computing device has accessed digitalcontent meets or exceeds a threshold number of times the client-sidecomputing device is permitted to access digital content; and in responseto determining that the number of times the client-side computing devicehas accessed digital content meets or exceeds the threshold number, denythe request and executing a remedial action.
 16. The non-transitorycomputer-readable medium of claim 15, wherein the instructions furthercause the digital content delivery system to: determine the number oftimes the client-side computing device as accessed digital content. 17.The non-transitory computer-readable medium of claim 16, whereindetermining the number of times the client-side computing device hasaccessed digital content comprises: reviewing a usage history associatedwith the client-side computing device, the usage history including alisting of access requests received from the client-side computingdevice for digital content.
 18. The non-transitory computer-readablemedium of claim 15, wherein the number of times the client-sidecomputing device has accessed digital content is a number of times theclient-side computing device has accessed digital content during a firsttime period.
 19. The non-transitory computer-readable medium of claim15, wherein the number of times the client-side computing device hasaccessed digital content is a number of times the client-side computingdevice has accessed a specific digital content item that is beingrequested in the request received from the client-side computing device.20. The non-transitory computer-readable medium of claim 19, wherein thespecific digital content item is a movie.